PT-2025-44469 · Nagios Enterprises · Nagios XI

Tactifail · Published 2025-10-30 · Updated 2025-10-30 · CVE-2020-36863

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Nagios XI versions prior to 5.7.2

Description

Nagios XI versions prior to 5.7.2 permit the upload and execution of PHP files within the Audio Import directory. The upload process does not adequately restrict file types or ensure storage outside the webroot, and the web server allows execution within the upload directory. An authenticated attacker with access to the audio import feature can upload a malicious PHP file and then request it, leading to remote code execution with the privileges of the application service.

Recommendations

Update to version 5.7.2 or later.
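
One way to check an existing install for the condition described above, as an added example (not Nagios or advisory code): a Python audit that flags stored uploads a PHP handler could run, or that are not audio at all. The directory path (supplied by the operator), the accepted audio formats (WAV, Ogg, MP3) and the suffix list are assumptions, not details from the advisory.

```python
"""Audit an upload directory for files a PHP-enabled web server could execute."""
import sys
from pathlib import Path

# Assumption: suffixes commonly mapped to the PHP handler; match this to the server config.
SCRIPT_SUFFIXES = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar", ".pht"}


def looks_like_audio(head: bytes) -> bool:
    """True if the leading bytes match a WAV, Ogg or MP3 signature."""
    if head[:4] == b"RIFF" and head[8:12] == b"WAVE":
        return True
    if head[:4] == b"OggS" or head[:3] == b"ID3":
        return True
    # Raw MPEG audio frame: the first 11 bits are all set (frame sync).
    return len(head) >= 2 and head[0] == 0xFF and (head[1] & 0xE0) == 0xE0


def classify(name: str, data: bytes) -> list[str]:
    """Return the reasons a stored upload is suspicious (empty list means clean)."""
    findings = []
    # Check every suffix: "clip.php.wav" can still reach the PHP handler on some setups.
    if any(s.lower() in SCRIPT_SUFFIXES for s in Path(name).suffixes):
        findings.append("script-extension")
    # The PHP open tag is case-insensitive, so compare in lower case.
    if b"<?php" in data.lower():
        findings.append("php-open-tag")
    if not looks_like_audio(data[:12]):
        findings.append("not-audio")
    return findings


def audit_dir(root: Path) -> dict[str, list[str]]:
    """Map each suspicious file under root to its list of findings."""
    report = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        findings = classify(path.name, path.read_bytes())
        if findings:
            report[str(path)] = findings
    return report


if __name__ == "__main__":
    # The directory is an operator-supplied argument; the advisory does not give its path.
    for path, findings in audit_dir(Path(sys.argv[1])).items():
        print(f"{path}: {', '.join(findings)}")
```

A clean result does not replace the update to 5.7.2; the audit only shows whether executable content is already sitting in the directory.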

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2025-14518
CVE-2020-36863

Affected Products

Nagios XI