CVE-2021-40344

Name of the Vulnerable Software and Affected Versions Nagios XI version 5.8.5

Description An issue was discovered in the Custom Includes section of the Admin panel, where an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. This allows the upload of a crafted PHP script to achieve remote command execution.

Recommendations For Nagios XI version 5.8.5, consider disabling the file upload feature in the Custom Includes section of the Admin panel until a patch is available. Restrict access to the Admin panel to minimize the risk of exploitation. Avoid using the file upload feature with arbitrary extensions to prevent potential remote command execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.