CVE-2019-15949

This Metasploit module exploits CVE-2019-15949 in Nagios XI before 5.6.6 to achieve authenticated remote command execution as root by uploading a malicious plugin and triggering its execution via a system profile download request.

This exploit leverages an authenticated file upload vulnerability in Nagios XI to achieve remote code execution by uploading a malicious plugin disguised as 'check_ping'. The payload establishes a reverse shell to the attacker's specified IP and port.

This repository contains a functional Python exploit for CVE-2019-15949, which leverages a privilege escalation vulnerability in Nagios XI <= 5.6.5. The exploit uploads a malicious plugin via the web interface and triggers it to achieve root RCE.

This repository contains a functional Python exploit for CVE-2019-15949, an authenticated remote code execution vulnerability in Nagios XI. The exploit authenticates to the target, uploads a malicious plugin, and executes a reverse shell payload.

This Metasploit module exploits an authenticated RCE vulnerability in Nagios XI prior to 5.6.6 by uploading a malicious 'check_ping' plugin via the monitoring plugins interface and executing it through a GET request to the profile download endpoint.