CVE-2009-2288

statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.

Published: Jul 1, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-2288
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
nagios / nagios	3.0-alpha3	3.0-alpha3.x
nagios / nagios	2.7	2.7.x
nagios / nagios	3.0-rc3	3.0-rc3.x
nagios / nagios	3.0-beta4	3.0-beta4.x
nagios / nagios	3.0.6	3.0.6.x
nagios / nagios	1.1	1.1.x
nagios / nagios	3.0-alpha2	3.0-alpha2.x
nagios / nagios	3.0.1	3.0.1.x
nagios / nagios	1.0	1.0.x
nagios / nagios	3.0-beta5	3.0-beta5.x
nagios / nagios	3.0-rc1	3.0-rc1.x
nagios / nagios	-	3.1.0.x
nagios / nagios	1.0b4	1.0b4.x
nagios / nagios	3.0.2	3.0.2.x
nagios / nagios	2.0b4	2.0b4.x
nagios / nagios	3.0-beta2	3.0-beta2.x
nagios / nagios	2.10	2.10.x
nagios / nagios	3.0-beta7	3.0-beta7.x
nagios / nagios	3.0-rc2	3.0-rc2.x
nagios / nagios	3.0	3.0.x
nagios / nagios	2.0	2.0.x
nagios / nagios	3.0.4	3.0.4.x
nagios / nagios	3.0-alpha1	3.0-alpha1.x
nagios / nagios	1.4.1	1.4.1.x
nagios / nagios	3.0-beta6	3.0-beta6.x
nagios / nagios	3.0-alpha4	3.0-alpha4.x
nagios / nagios	3.0-beta1	3.0-beta1.x
nagios / nagios	1.0b1	1.0b1.x
nagios / nagios	3.0-beta3	3.0-beta3.x
nagios / nagios	3.0.3	3.0.3.x
nagios / nagios	1.0b2	1.0b2.x
nagios / nagios	3.0.5	3.0.5.x

Vulnerability Database

289,784

CVE-2009-2288