cvedb.io
CVE-2018-16146
HIGH · CVSS 7.2
EPSS exploitation probability: 0%
Published 2018-09-05T21:29:02.797 · Last modified 2026-06-17T01:43:46.370

Summary

The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanitized, leading to arbitrary command injection with the privileges of the nagios user account.

Affected products

opsview — opsview

Does this affect you?

Add your gear to cvedb and we'll alert you only when opsview ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.