Vulnerabilities > CVE-2024-13723
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP.
References
- http://seclists.org/fulldisclosure/2025/Feb/4
- http://www.openwall.com/lists/oss-security/2025/02/04/4
- https://checkmk.com/werks?version=2.3.0p10
- https://korelogic.com/Resources/Advisories/KL-001-2025-002.txt
- https://korelogic.com/Resources/Advisories/KL-001-2025-002.txt
- https://www.nagvis.org/downloads/changelog/1.9.42