An issue exists in Nagios XI 5.4.13. A registered user is able to use directory traversal to read local files, as demonstrated by URIs beginning with index.php?xiwindow=./ and config/?xiwindow=../ substrings.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
nagios nagios xi 5.4.13 |