Security Advisory

CVE-2021-40344

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-10-26 10:52:00

Last updated 2024-08-04 02:27:31

Assigner mitre

State PUBLISHED

Description

An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command execution.

← Browse all CVEs View on cve.org ↗