An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command execution.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-10-26T10:52:00
Updated: 2024-08-04T02:27:31.907Z
Reserved: 2021-08-31T00:00:00
Link: CVE-2021-40344
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-10-26T11:15:07.713
Modified: 2021-11-02T14:54:49.577
Link: CVE-2021-40344
Redhat
No data.