CVE-2022-46836

CRITICAL

Tribe29's Checkmk <2.1.0p10-<2.0.0p27-<1.6.0p29 - Code Injection

Title source: llm

Description

PHP code injection in watolib auth.php and hosttags.php in Tribe29's Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker to inject and execute PHP code which will be executed upon request of the vulnerable component.

Exploits (1)

nomisec WORKING POC 1 stars

by JacobEbben · poc

https://github.com/JacobEbben/CVE-2022-46836_remote_code_execution

View Code ZIP pw:eip

References (2)

[Vendor Advisory] https://checkmk.com/werk/14383

[Exploit, Third Party Advisory] https://www.sonarsource.com/blog/checkmk-rce-chain-3/

Scores

CVSS v3 9.1

EPSS 0.0214

EPSS Percentile 84.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

Details

CWE

CWE-94 CWE-20

Status published

Products (2)

checkmk/checkmk 2.1.0 (20 CPE variants)

checkmk/checkmk 2.0.0 (30 CPE variants)

Published Feb 20, 2023

Tracked Since Feb 18, 2026