VYPR
Unrated severityNVD Advisory· Published Oct 5, 2021· Updated Aug 4, 2024

CVE-2021-37223

CVE-2021-37223

Description

Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, the target page can be replaced with an SSRF payload to access internal resources or disclose local system files.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Nagios Enterprises/NagiosXIdescription
  • Nagios/Nagiosxillm-fuzzy
    Range: <=5.8.4

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.