Unrated severityNVD Advisory· Published Oct 26, 2021· Updated Aug 4, 2024
CVE-2021-40344
CVE-2021-40344
Description
An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Nagios XI/Nagios XIdescription
Patches
Vulnerability mechanics
References
3- assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXTmitrex_refsource_MISC
- synacktiv.commitrex_refsource_MISC
- www.synacktiv.com/sites/default/files/2021-10/Nagios_XI_multiple_vulnerabilities_0.pdfmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.