Rapid7 Vulnerability & Exploit Database

Nagios XI 5.6.0-5.7.3 - Mibs.php Authenticated Remote Code Execution





This module exploits CVE-2020-5791, an OS command injection vulnerability in `admin/mibs.php` that enables an authenticated user with admin privileges to achieve remote code execution as either the `apache` user or the `www-data` user on Nagios XI versions 5.6.0 to 5.7.3 inclusive (the exact user depends on the version of Nagios XI installed as well as the OS it's installed on). Valid credentials for a Nagios XI admin user are required. This module has been successfully tested against Nagios XI 5.7.3 running on CentOS 7.
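As an added defender-side example (not part of the Rapid7 entry or of the Metasploit module), the following Python check scans Apache access log lines for requests to `admin/mibs.php` whose query parameters carry shell metacharacters after URL decoding, the trace an injection attempt against this endpoint would leave in web logs. The combined log layout, the `/nagiosxi/` path prefix, the parameter names and the sample lines are all constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Apache "combined" access log layout (assumption about the Nagios XI host).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)
# Script named in the advisory; the /nagiosxi/ prefix is an assumption.
TARGET_PATH = "/nagiosxi/admin/mibs.php"
# Characters that end one shell command and start another.
META_RE = re.compile(r"[;&|`$\n]")

def fully_decode(value: str) -> str:
    """URL-decode repeatedly so double encoding (%253B -> %3B -> ;) cannot hide a metacharacter."""
    prev = None
    while value != prev:
        prev, value = value, unquote_plus(value)
    return value

def suspicious_params(uri: str) -> dict:
    """Return {param: decoded_value} for query parameters that contain shell metacharacters."""
    params = parse_qsl(urlsplit(uri).query, keep_blank_values=True)
    return {k: fully_decode(v) for k, v in params if META_RE.search(fully_decode(v))}

def check_line(line: str):
    """Return (ip, timestamp, {param: value}) when a request targets mibs.php with
    metacharacters in its query string, else None (also None for unparsable lines)."""
    m = LOG_RE.match(line)
    if not m or urlsplit(m.group("uri")).path != TARGET_PATH:
        return None
    hits = suspicious_params(m.group("uri"))
    return (m.group("ip"), m.group("ts"), hits) if hits else None

def scan(lines):
    """Run check_line over an iterable of log lines and return the alerts."""
    return [hit for hit in map(check_line, lines) if hit]

# Constructed sample lines (not real traffic): a normal page load, a request to
# mibs.php with an encoded ';' in a parameter, and the same pattern on an
# unrelated script, which must not alert.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Oct/2020:10:01:22 +0000] "GET /nagiosxi/admin/mibs.php?mode=list HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [12/Oct/2020:10:02:01 +0000] "GET /nagiosxi/admin/mibs.php?name=x.mib%3B%20y HTTP/1.1" 200 311 "-" "curl/7.64"',
    '10.0.0.9 - - [12/Oct/2020:10:02:05 +0000] "GET /nagiosxi/index.php?q=a%253Bb HTTP/1.1" 200 90 "-" "curl/7.64"',
]

if __name__ == "__main__":
    for ip, ts, params in scan(SAMPLE_LOG):
        print(f"{ts} {ip} mibs.php suspicious params: {params}")
```

Access logs only record the query string, so a POST body sent to the same script is invisible here; pair this check with request-body logging (a WAF or mod_security audit log) to cover that path.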


Authors

  • Chris Lyne
  • Matthew Aberegg
  • Erik Wynter




Architectures

x86, x64, cmd


Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/linux/http/nagios_xi_mibs_authenticated_rce
msf exploit(nagios_xi_mibs_authenticated_rce) > show targets
msf exploit(nagios_xi_mibs_authenticated_rce) > set TARGET < target-id >
msf exploit(nagios_xi_mibs_authenticated_rce) > show options
    ...show and set options...
msf exploit(nagios_xi_mibs_authenticated_rce) > exploit
