Arbitrary File Upload Vulnerability in Nagios XI 5.8.5

Arbitrary File Upload Vulnerability in Nagios XI 5.8.5

CVE-2021-40344 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command execution.

Learn more about our Cis Benchmark Audit For Apple Ios.