PT-2025-44470 · Nagios Enterprises · Nagios XI

Christian Weiler · Published 2025-10-30 · Updated 2025-10-30 · CVE-2020-36867

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Nagios XI versions prior to 5.7.3

Description

Nagios XI versions prior to 5.7.3 contain a command injection issue in the report PDF download/export functionality. Insufficient validation or improper escaping of user-supplied values used in the PDF generation pipeline or the wrapper that invokes offline/pdf helper utilities allows an authenticated attacker who can trigger PDF exports to inject shell metacharacters or arguments.

Recommendations

Update to version 5.7.3 or later.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2025-14422
CVE-2020-36867

Affected Products

Nagios XI