CVE-2019-20197

HIGH

Nagios XI 5.6.9 - Authenticated OS Command Injection via schedulereport.php id Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2019-20197. PoCs published by jas502n, lp008.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2019-20197, a remote command execution vulnerability in Nagios XI <= v5.6.9. The exploit leverages command injection via the 'id' parameter in the schedulereport.php component, allowing an attacker to execute arbitrary commands on the target system.

Description

In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account.

Exploits (2)

nomisec WORKING POC 23 stars

by jas502n · poc

https://github.com/jas502n/CVE-2019-20197

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2019-20197, a remote command execution vulnerability in Nagios XI <= v5.6.9. The exploit leverages command injection via the 'id' parameter in the schedulereport.php component, allowing an attacker to execute arbitrary commands on the target system.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Nagios XI <= v5.6.9

Auth required

Prerequisites: Access to the Nagios XI web interface · Valid session cookies for authentication

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC 1 stars

by lp008 · poc

https://github.com/lp008/CVE-2019-20197

View Code ZIP pw:eip

The repository contains a functional proof-of-concept exploit for CVE-2019-20197, a remote command execution vulnerability in Nagios XI. The exploit leverages command injection via the 'id' parameter in a POST request to execute arbitrary commands on the target system.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Nagios XI

Auth required

Prerequisites: Valid session cookie (nagiosxi) · Network access to the target system

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://code610.blogspot.com/2019/12/postauth-rce-in-latest-nagiosxi.html

Scores

CVSS v3 8.8

EPSS 0.2240

EPSS Percentile 97.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

nagios/nagios_xi 5.6.9

Published Dec 31, 2019

Tracked Since Feb 18, 2026