The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanitized, leading to arbitrary command injection with the privileges of the nagios user account.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-09-05T21:00:00
Updated: 2024-08-05T10:17:37.835Z
Reserved: 2018-08-29T00:00:00
Link: CVE-2018-16146
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-09-05T21:29:02.797
Modified: 2024-11-21T03:52:09.833
Link: CVE-2018-16146
Redhat
No data.