Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php.
CVSS Score
9.8
EPSS Score
0.055
Published
2021-05-24
Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php.
CVSS Score
9.8
EPSS Score
0.104
Published
2021-05-24
Improper input validation in Nagios Fusion 4.1.8 and earlier allows a remote attacker with control over a fused server to inject arbitrary HTML, aka XSS.
CVSS Score
6.1
EPSS Score
0.189
Published
2021-05-24
Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installation of a malicious component containing PHP code.
CVSS Score
9.8
EPSS Score
0.009
Published
2021-05-24
Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an authenticated attacker to execute remote code via table pagination.
CVSS Score
8.8
EPSS Score
0.592
Published
2021-05-24
Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335.
CVSS Score
6.1
EPSS Score
0.033
Published
2018-06-16
Page 2