PT-2025-44545 · Nagios · Nagios XI

Published: 2025-10-30 · Updated: 2025-10-30 · CVE-2018-25122

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.4.13

Description: An issue in the Component Download page allows an authenticated user to execute arbitrary code with the privileges of the application service. This occurs because the download/import handler uses unsafe command construction with attacker-controlled input and lacks sufficient validation and output encoding, enabling command injection.

Recommendations: Update to version 5.4.13 or later.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers: CVE-2018-25122

Affected Products: Nagios XI