漏洞描述
Nagios XI是一套IT基础设施监控解决方案。Nagios XI存在远程代码执行漏洞,此漏洞是由于command_test.php接口对用户的请求验证不当导致的。
Nagios XI CVE-2023-48085 远程代码执行漏洞
PoC代码
暂无相关漏洞推荐
- Nagios XI-默认口令漏洞
- Nagios Log Server 需授权 命令注入漏洞
- Nagios Log Server 权限管理不当漏洞
- POC CVE-2018-10735: NagiosXI <= 5.4.12 `commandline.php` SQL injection
- POC CVE-2018-10736: NagiosXI <= 5.4.12 - SQL injection
- POC CVE-2018-10737: NagiosXI <= 5.4.12 logbook.php SQL injection
- POC CVE-2018-10738: NagiosXI <= 5.4.12 menuaccess.php - SQL injection
- POC CVE-2021-25296: Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection
- POC CVE-2021-25297: Nagios 5.5.6-5.7.5 - Authenticated Remote Command Injection
- POC CVE-2021-25298: Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection
- POC CVE-2021-25299: Nagios XI 5.7.5 - Cross-Site Scripting
- POC CVE-2021-38156: Nagios XI < 5.8.6 - Cross-Site Scripting
- POC CVE-2022-29272: Nagios XI <5.8.5 - Open Redirect