CVE-2008-5027

Priority
Description
The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before
4.0.1 allows remote authenticated users to bypass authorization checks, and
trigger execution of arbitrary programs by this process, via an (a) custom
form or a (b) browser addon.
Notes
 mdeslaur> Nagios 1.x doesn't have the CHANGE commands, so authenticated users
  wouldn't be able to trigger arbitrary programs. They could bypass
  authorization checks by submitting commands with linefeeds though.
 mdeslaur> Also see CVE-2008-6373
More Information

Updated: 2019-03-19 11:47:47 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)