CVE-2021-40904

HIGH

CheckMK Raw Edition 1.5.0-1.6.0 - Authenticated Remote Code Execution via Dokuwiki Misconfiguration

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-40904. PoCs published by Edgarloyola.

AI-analyzed exploit summary This repository provides a writeup for CVE-2021-40904, detailing an RCE vulnerability in CheckMK's Dokuwiki embedded application due to PHP code misconfiguration. It includes references, a timeline, and a demo image but lacks actual exploit code.

Description

The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session by a user with the role of administrator.

Exploits (1)

nomisec WRITEUP 1 stars
by Edgarloyola · poc
https://github.com/Edgarloyola/CVE-2021-40904

This repository provides a writeup for CVE-2021-40904, detailing an RCE vulnerability in CheckMK's Dokuwiki embedded application due to PHP code misconfiguration. It includes references, a timeline, and a demo image but lacks actual exploit code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: CheckMK Raw Edition (1.5.0 to 1.5.0p25)
Auth required
Prerequisites: Access to the web management interface · Valid credentials or hijacked admin session
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://github.com/Edgarloyola/CVE-2021-40904
Product x_refsource_misc
http://checkmk.com

Scores

CVSS v3 8.8
EPSS 0.0376
EPSS Percentile 88.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-276
Status published
Products (1)
checkmk/checkmk 1.5.0 - 1.6.0
Published Mar 25, 2022
Tracked Since Feb 18, 2026