Vendor: Nagios
By: SecurityFocus
CVSS: 7.5 (HIGH)
Vulnerability: Remote Command-Injection
CWE: 78
Product Name: Nagios
Affected Version From: N/A
Affected Version To: Nagios 3.1.1
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
Year: 2009

Nagios Remote Command-Injection Vulnerability

Nagios is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running the application. For an exploit to succeed, access to the WAP interface's ping feature must be allowed.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to execute arbitrary commands.
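
One way to apply this kind of validation to a ping target, as an added example that is not Nagios source code and not part of the advisory. The function names `ping_target_is_safe` and `run_ping` and the character allowlist are assumptions; the rejected sample is the `ping` value from this page's example URI after URL-decoding.

```c
/* Added example, not Nagios source code. Function names are hypothetical. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allowlist check for a ping target (hostname, IPv4 or IPv6 literal).
 * Rejects empty or over-long input, a leading '-' (ping would read it
 * as an option) and any byte outside [A-Za-z0-9.:-], so ';', '$', '|',
 * spaces and backticks never reach the command. Returns 1 if safe. */
int ping_target_is_safe(const char *s)
{
    size_t i, len = s ? strlen(s) : 0;
    if (len == 0 || len > 253 || s[0] == '-')
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '.' && c != '-' && c != ':')
            return 0;
    }
    return 1;
}

/* Run ping with no shell: the target is a single argv element.
 * Returns ping's exit status, or -1 if rejected or on error. */
int run_ping(const char *target)
{
    int status; pid_t pid;
    if (!ping_target_is_safe(target))
        return -1;
    if ((pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        execlp("ping", "ping", "-c", "1", target, (char *)NULL);
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed inputs: the second is the page's ping value, URL-decoded. */
    printf("%d\n", ping_target_is_safe("173.45.235.65"));
    printf("%d\n", ping_target_is_safe("173.45.235.65;echo $PATH"));
    return 0;
}
```

The validator and the shell-free `execlp` call are independent layers: either one alone stops the `;` in the decoded value from starting a second command.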

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/35464/info

Nagios is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.

Remote attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running the application.

NOTE: For an exploit to succeed, access to the WAP interface's ping feature must be allowed.

Versions prior to Nagios 3.1.1 are vulnerable. 

The following example URI is available:

https://www.example.com/nagios/cgi-bin/statuswml.cgi?ping=173.45.235.65%3Becho+%24PATH