CVE-2021-3277
7.2 HIGHNagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality ...
Published: 2021-06-07 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 7.2 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-434
Affected products
| Vendor | Product |
|---|---|
| nagios | nagios_xi |
Description
Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by uploading php files.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2021-40345 — An issue was discovered in Nagios XI 5.8.5 (7.2 HIGH)
- CVE-2021-40344 — An issue was discovered in Nagios XI 5.8.5 (7.2 HIGH)
- CVE-2021-40343 — An issue was discovered in Nagios XI 5.8.5 (7.8 HIGH)
- CVE-2021-38156 — In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard (5.4 MEDIUM)
- CVE-2021-3273 — Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component (7.2 HIGH)
Same CWE
- CVE-2026-40750 — Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server (9.9 CRITICAL)
- CVE-2026-6933 — The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and inclu... (8.8 HIGH)
- CVE-2026-40772 — Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions (10.0 CRITICAL)
- CVE-2026-39591 — Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions (9.9 CRITICAL)
- CVE-2026-39527 — Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions (5.4 MEDIUM)