7.2
CVSSv3

CVE-2024-13723

CVSSv4: NA | CVSSv3: 7.2 | CVSSv2: NA | VMScore: 820 | EPSS: 0.00045 | KEV: Not Included
Published: 04/02/2025 Updated: 06/02/2025

Vulnerability Summary

Remote Code Execution in Checkmk NagVis via Authenticated Administrative File Upload

A remote code execution vulnerability exists in the NagVis component of Checkmk. An attacker who has administrative access can upload a malicious PHP file and modify specific settings to execute the harmful file's contents through PHP. This vulnerability allows an authenticated user with high-level privileges to potentially run unauthorized code within the system.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

checkmk nagvis

Mailing Lists

KL-001-2025-002: Checkmk NagVis Remote Code Execution Title: Checkmk NagVis Remote Code Execution Advisory ID: KL-001-2025-002 Publication Date: 2025-02-04 Publication URL: korelogiccom/Resources/Advisories/KL-001-2025-002txt 1 Vulnerability Details      Affected Vendor: Checkmk      Affected P ...
KL-001-2025-002: Checkmk NagVis Remote Code Execution Title: Checkmk NagVis Remote Code Execution Advisory ID: KL-001-2025-002 Publication Date: 2025-02-04 Publication URL: korelogiccom/Resources/Advisories/KL-001-2025-002txt 1 Vulnerability Details      Affected Vendor: Checkmk      Affected P ...