CVE-2024-13723: CWE-434 Unrestricted Upload of File with Dangerous Type in Checkmk NagVis
Description
The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP.
Technical Details
- Data Version: 5.2
- Assigner Short Name: KoreLogic
- Date Reserved: 2025-01-24T18:22:56.194Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 690904b000ff46172d4a0e11
Added to database: 11/3/2025, 7:38:24 PM
Last updated: 11/3/2025, 7:40:16 PM
Related Threats
- CVE-2024-3262: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in Best Practical Solutions Request Tracker (Medium)
- CVE-2024-34459: n/a (High)
- CVE-2024-32663: CWE-400: Uncontrolled Resource Consumption in OISF suricata (High)
- CVE-2024-32489: n/a (Medium)
- CVE-2024-22641: n/a (High)