CVE-2020-5791

HIGH

Nagios XI 5.6.0-5.7.3 - Mibs.php Authenticated Remote Code Exection

Title source: metasploit
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2020-5791. PoCs published by Matthew Aberegg, Erik Wynter, Chris Lyne, Matthew Aberegg, Erik Wynter, including Metasploit module auxiliary/scanner/http/nagios_xi_scanner.

AI-analyzed exploit summary This exploit targets a command injection vulnerability in Nagios XI 5.7.3 via the 'mibs.php' file. It authenticates with provided credentials and injects a reverse shell payload to establish a connection to an attacker-controlled host.

Description

Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.

Exploits (3)

exploitdb WORKING POC
by Matthew Aberegg · pythonwebappsphp
https://www.exploit-db.com/exploits/48959

This exploit targets a command injection vulnerability in Nagios XI 5.7.3 via the 'mibs.php' file. It authenticates with provided credentials and injects a reverse shell payload to establish a connection to an attacker-controlled host.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Nagios XI 5.7.3
Auth required
Prerequisites: Valid Nagios XI credentials · Network access to the target · Attacker-controlled host to receive the reverse shell
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit SCANNER
by Erik Wynter · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/nagios_xi_scanner.rb

This Metasploit module scans Nagios XI installations to detect their version and suggests matching exploit modules based on the version number. It supports both authenticated and unauthenticated checks, with authenticated checks requiring valid credentials.

Classification
Scanner 100%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Nagios XI
Auth required
Prerequisites: Valid credentials for Nagios XI (for authenticated checks) · Network access to the target Nagios XI instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by Chris Lyne, Matthew Aberegg, Erik Wynter · rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/nagios_xi_mibs_authenticated_rce.rb

This Metasploit module exploits CVE-2020-5791, an authenticated OS command injection vulnerability in Nagios XI's `admin/mibs.php`. It allows an authenticated admin user to execute arbitrary commands as the `apache` or `www-data` user on vulnerable versions (5.6.0 to 5.7.3).

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Nagios XI 5.6.0-5.7.3
Auth required
Prerequisites: Valid Nagios XI admin credentials · Network access to the Nagios XI web interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2020-58
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/159743/Nagios-XI-5.7.3-Remote-Command-Injection.html
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/162235/Nagios-XI-5.7.3-Remote-Code-Execution.html

Scores

CVSS v3 7.2
EPSS 0.7863
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (1)
nagios/nagios_xi 5.6.0 - 5.7.3
Published Oct 20, 2020
Tracked Since Feb 18, 2026