Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nagios XI < 2024R1.3.2 Authenticated Arbitrary File Upload Path Traversal RCE
Vulnerability Description
Nagios XI < 2024R1.3.2 contains a remote code execution vulnerability by chaining two flaws: an arbitrary file upload and a path traversal in the Core Config Snapshots interface. The issue arises from insufficient validation of file paths and extensions during MIB upload and snapshot rename operations. Exploitation results in the placement of attacker-controlled PHP files in a web-accessible directory, executed as the www-data user.
CVSS Information
N/A
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
Nagios XI 安全漏洞
Vulnerability Description
Nagios XI是美国Nagios公司的一套IT基础设施监控解决方案。该方案支持对应用、服务、操作系统等进行监控和预警。 Nagios XI 2024R1.3.2之前版本存在安全漏洞,该漏洞源于文件路径和扩展名验证不足,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A