Nagios.XI.Custom-includes.Manage.php.Directory.Traversal
Description
This indicates an attack attempt to exploit a Directory Traversal Vulnerability in Nagios Enterprises Nagios XI.
The vulnerability is due to insufficient validation of the request parameters in manage.php of the Custom-includes module. A remote authenticated attacker can exploit this vulnerability by sending a crafted request to the server. Successful exploitation could result in arbitrary file write and possible code execution on the target server.
Affected Products
Nagios Enterprises Nagios XI prior to 5.8.2
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://assets.nagios.com/downloads/nagiosxi/5/xi-5.8.2.tar.gz
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |