Nagios IM 2.6 remote code execution exploit: CSRF + SQLi + RCE + LPE --> remote root
CVE-2019-9202
Nagios IM 26 remote code execution exploit: CSRF + SQLi + RCE + LPE --> remote root
Description
By chaining a Cross-Site Request Forgery (CSRF) / authorization bypass (CVE-2019-9203) it is possible to exploit a Union-based SQL injection (CVE-2019-9204), a Remote Code Execution (RCE) (CVE-2019-9202) and a Local Privilege Escalation (LPE) (CVE-2019-9166), ob