CVE-2019-15949
/Play/Monitoring/3-Exploitation/attachments/{1CC35B2D-894C-459A-9415-53470C597E38}.png)
A vulnerability, which was classified as critical, was found in Nagios XI up to 5.6.5. This affects an unknown part of the file profile.php?cmd=download of the component Web Interface. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2019-15949. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
Exploit
┌──(kali㉿kali)-[~/PEN-200/PG_PLAY/monitoring]
└─$ searchsploit -m multiple/webapps/52138.txt ; mv 52138.txt CVE-2019-15949.py
Exploit: Nagios Xi 5.6.6 - Authenticated Remote Code Execution (RCE)
URL: https://www.exploit-db.com/exploits/52138
Path: /usr/share/exploitdb/exploits/multiple/webapps/52138.txt
Codes: CVE-2019-15949
Verified: False
File Type: Python script, Unicode text, UTF-8 text executable
Copied to: /home/kali/PEN-200/PG_PLAY/monitoring/52138.txtExploit locally available. Moving on to the Exploitation phase.