PT-2025-52519 · Unknown · Lilac-Reloaded For Nagios

Published: 2025-12-19 · Updated: 2025-12-22 · CVE-2023-53948

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Lilac-Reloaded for Nagios version 2.0.8

Description

The software contains a remote code execution issue in the autodiscovery feature. Attackers can inject arbitrary commands due to a lack of input filtering in the nmap binary parameter. Exploitation involves sending a crafted POST request to the autodiscovery endpoint, potentially allowing attackers to execute a reverse shell.

Recommendations

Versions prior to 2.0.8 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2023-53948

Affected Products

Lilac-Reloaded For Nagios