Command Injection Vulnerability in Nagios Fusion Affected Products by Nagios
CVE-2020-28901

9.8CRITICAL

Key Information:

Vendor: Nagios
Status: Fusion
Vendor: CVE Published:; 24 May 2021

What is CVE-2020-28901?

A command injection vulnerability in Nagios Fusion versions up to 4.1.8 allows an attacker to escalate privileges and execute arbitrary code as root. This security flaw arises from issues in the cmd_subsys.php component, particularly concerning corrupt component installations. If exploited, attackers could manipulate command inputs, potentially compromising the integrity and security of affected systems.