.. / CVE-2024-24401

Exploit for Nagios XI 2024R1.01 - SQL Injection to RCE (CVE-2024-24401)

Description:

SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php component.

Proof of Concept

PoC exploit

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-24401
https://www.nagios.com/changelog/