CVE-2022-46836

Published: 20/02/2023 Updated: 21/12/2023
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

PHP code injection in watolib auth.php and hosttags.php in Tribe29's Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows a malicious user to inject PHP code that is executed when the vulnerable component is requested.

Vulnerable Products

tribe29 checkmk 2.1.0

tribe29 checkmk 2.0.0

tribe29 checkmk 1.6.0

Github Repositories

Authenticated Remote Code Execution by abusing a single quote injection to write to an auth.php file imported by the NagVis component in Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29

CVE-2022-46836 - Remote Code Execution. This exploit abuses an authenticated remote code execution CVE in Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 to create a reverse shell. CVE-2022-46836 - PHP code injection in watolib auth.php and hosttags.php allows us to write arbitrary PHP code into the application. This injection is possible

unauthenticated (2.1.0 - 2.1.0p11) / authenticated (<2.1.0p12) RCE exploit for Checkmk.

checkmk-race: unauthenticated (2.1.0 - 2.1.0p11) / authenticated (<2.1.0p12) RCE exploit for Checkmk. SSRF -> LQL Injection -> Arb File Deletion -> Race Condition -> Arb File Read -> Code Injection == Win! CVE-2022-48321, CVE-2022-46836