CVE-2021-37347
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument.
Source: CVE-2021-37347
CVE-2021-37347
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument.
Source: CVE-2021-37347
CVE-2021-37345
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions.
Source: CVE-2021-37345
CVE-2021-37344
Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection).
Source: CVE-2021-37344
CVE-2021-37353
Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php.
Source: CVE-2021-37353
CVE-2021-37352
An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link.
Source: CVE-2021-37352
CVE-2021-37351
Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a crafted HTTP request to the server.
Source: CVE-2021-37351
CVE-2021-37350
Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation.
Source: CVE-2021-37350
CVE-2021-37349
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database.
Source: CVE-2021-37349
CVE-2021-37348
Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php.
Source: CVE-2021-37348
CVE-2021-37346
Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through Improper neutralisation of special elements used in an OS Command (OS Command injection).
Source: CVE-2021-37346