CVE-2019-20197
Severity: HIGH
WAF coverage: High
CVSS: 8.8
Published: 2019-12-31
CWE-78
In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account.
WAF Coverage Analysis
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| nagios | nagios_xi | 5.6.9 |
References
- code610.blogspot.com (Exploit, Third Party Advisory)