CVE-2009-2288

EXPLOITED

Nagios < 3.1.1 - OS Command Injection via statuswml.cgi Ping or Traceroute Parameters

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2009-2288 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 4 public exploits from researchers including Metasploit, H D Moore, Paul, including a Metasploit module exploits/unix/webapp/nagios3_statuswml_ping.

AI-analyzed exploit summary This Metasploit module exploits a command injection vulnerability in Nagios3's statuswml.cgi script by injecting shell metacharacters into the 'ping' parameter, allowing arbitrary command execution.

Description

statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · rubywebappscgi
https://www.exploit-db.com/exploits/16908

This Metasploit module exploits a command injection vulnerability in Nagios3's statuswml.cgi script by injecting shell metacharacters into the 'ping' parameter, allowing arbitrary command execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Nagios3 statuswml.cgi
Auth required
Prerequisites: Network access to the Nagios3 web interface · Valid credentials for authentication
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by H D Moore · rubywebappsunix
https://www.exploit-db.com/exploits/9861

This Metasploit module exploits a command injection vulnerability in Nagios3's statuswml.cgi script by injecting shell metacharacters into the 'ping' parameter, allowing arbitrary command execution. It authenticates with provided credentials and sends a crafted POST request to trigger the payload.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Nagios3 statuswml.cgi
Auth required
Prerequisites: Network access to the target · Valid credentials for Nagios3 · Target running vulnerable Nagios3 version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Paul · textremotecgi
https://www.exploit-db.com/exploits/33051

This exploit demonstrates a command injection vulnerability in Nagios via the WAP interface's ping feature. The URI example shows how arbitrary shell commands can be executed by appending them to the ping parameter.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Nagios versions prior to 3.1.1
No auth needed
Prerequisites: Access to the WAP interface's ping feature must be allowed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by hdm · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/nagios3_statuswml_ping.rb

This Metasploit module exploits a metacharacter injection vulnerability in Nagios3's statuswml.cgi script, allowing remote command execution via the 'ping' parameter. It sends a crafted POST request with shell metacharacters to execute arbitrary commands.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Nagios3 statuswml.cgi
Auth required
Prerequisites: Network access to the target · Valid credentials for authentication
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (12)

Core 12
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39227
Exploit x_refsource_confirm
http://tracker.nagios.org/view.php?id=15
Various Sources x_refsource_confirm
http://www.nagios.org/development/history/core-3x/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1022503
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-795-1
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35688
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200907-15.xml
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35543
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=126996888626964&w=2
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0750
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35692
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1825

Scores

EPSS 0.9326
EPSS Percentile 99.8%

Details

VulnCheck KEV 2020-12-01
CWE
CWE-78
Status published
Products (18)
nagios/nagios 1.0
nagios/nagios 1.0b1
nagios/nagios 1.0b2
nagios/nagios 1.0b4
nagios/nagios 1.1
nagios/nagios 1.4.1
nagios/nagios 2.0
nagios/nagios 2.0b4
nagios/nagios 2.7
nagios/nagios 2.10
... and 8 more
Published Jul 01, 2009
Tracked Since Feb 18, 2026