CVE-2008-5027 (retired)

The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before
4.0.1 allows remote authenticated users to bypass authorization checks, and
trigger execution of arbitrary programs by this process, via an (a) custom
form or a (b) browser addon.
 mdeslaur> Nagios 1.x doesn't have the CHANGE commands, so authenticated users
  wouldn't be able to trigger arbitrary programs. They could bypass
  authorization checks by submitting commands with linefeeds though.
 mdeslaur> Also see CVE-2008-6373
More Information

Updated: 2019-03-26 11:45:51 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)