Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nagios Log Server < 2026R1.0.1 Authenticated Command Injection via Natural Language Queries
Vulnerability Description
Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability in the experimental 'Natural Language Queries' feature. When this feature is configured, certain user-controlled settings—including model selection and connection parameters—are read from the global configuration and concatenated into a shell command that is executed via shell_exec() without proper input handling or command-line argument sanitation. An authenticated user with access to the 'Global Settings' page can supply crafted values in these fields to inject additional shell commands, resulting in arbitrary command execution as the 'www-data' user and compromise of the Log Server host.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Nagios Log Server 安全漏洞
Vulnerability Description
Nagios Log Server是美国Nagios公司的一套集中式日志管理、监控和分析软件。 Nagios Log Server 2026R1.0.1之前版本存在安全漏洞,该漏洞源于实验性Natural Language Queries功能存在命令注入漏洞,可能导致执行任意操作系统命令。
CVSS Information
N/A
Vulnerability Type
N/A