CVE-2020-36863
Published: 30 October 2025
Description
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Security Summary
CVE-2020-36863 is an unrestricted file upload vulnerability in Nagios XI versions prior to 5.7.2. The issue resides in the Audio Import directory, where the upload handler fails to properly restrict file types or enforce storage outside of the webroot. Additionally, the web server configuration permits execution of uploaded files from this location, enabling PHP files to be uploaded and executed.
An authenticated attacker with access to the audio import feature can exploit this vulnerability by uploading a crafted PHP file to the Audio Import directory and then requesting it via the web server. Successful exploitation leads to remote code execution with the privileges of the Nagios XI application service. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-434 (Unrestricted Upload of File with Dangerous Type).
Mitigation guidance from the Nagios XI changelog and the VulnCheck advisory recommends upgrading to Nagios XI version 5.7.2 or later, which resolves the issue by implementing proper file type restrictions and storage enforcement in the upload handler.
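The two controls the fix describes, restricting the file type and keeping uploads out of the webroot, are what a handler for an audio import feature looks like when written with them in place. The following is an added example written for this page; it is not Nagios XI code and does not reproduce the patched handler. The storage path, size limit, form field name (`audio`) and the extension/MIME allow-list are assumptions.

```php
<?php
// Added example (not Nagios XI code): an audio-upload handler that applies
// the two controls the fix describes: restrict file types and store uploads
// outside the webroot. Paths, limits and the allow-list are assumptions.

declare(strict_types=1);

// Assumed storage location outside the document root. The web server must
// never be configured to serve or execute anything from here.
const UPLOAD_DIR = '/var/lib/example-app/audio'; // assumption
const MAX_BYTES  = 5 * 1024 * 1024;              // assumption: 5 MiB limit

// Allow-list of extension => acceptable sniffed MIME types. Anything else is
// rejected, so ".php", ".phtml" or a double extension like "a.wav.php"
// (whose last extension is "php") never passes.
const ALLOWED = [
    'wav' => ['audio/wav', 'audio/x-wav'],
    'mp3' => ['audio/mpeg'],
    'ogg' => ['audio/ogg', 'application/ogg'],
];

/**
 * Validate one $_FILES entry (keys: name, tmp_name, size, error).
 * Returns [ok, reason, safeName].
 */
function validateAudioUpload(array $file): array
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return [false, 'upload error', null];
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        return [false, 'not an uploaded file', null];
    }
    if ($file['size'] > MAX_BYTES) {
        return [false, 'file too large', null];
    }

    // Extension check on the client-supplied name: last extension only,
    // lower-cased, and it must be on the allow-list.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        return [false, 'extension not allowed', null];
    }

    // Content check: sniff the MIME type from the bytes on disk, not from the
    // client-supplied Content-Type header, and require it to match the extension.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime === false || !in_array($mime, ALLOWED[$ext], true)) {
        return [false, 'content does not match .' . $ext, null];
    }

    // Server-generated name: the original filename never reaches the disk,
    // so path traversal and attacker-chosen extensions are both ruled out.
    $safeName = bin2hex(random_bytes(16)) . '.' . $ext;
    return [true, 'ok', $safeName];
}

/** Move a validated upload into the non-web-accessible directory. */
function storeAudioUpload(array $file, string $safeName): string
{
    if (!is_dir(UPLOAD_DIR) && !mkdir(UPLOAD_DIR, 0750, true)) {
        throw new RuntimeException('cannot create upload directory');
    }
    $dest = UPLOAD_DIR . '/' . $safeName;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('move failed');
    }
    chmod($dest, 0640); // data only, never executable
    return $dest;
}

// Request entry point; the form field is assumed to be named "audio".
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['audio'])) {
    [$ok, $reason, $safeName] = validateAudioUpload($_FILES['audio']);
    if (!$ok) {
        http_response_code(400);
        echo 'rejected: ' . htmlspecialchars($reason, ENT_QUOTES, 'UTF-8');
        exit;
    }
    storeAudioUpload($_FILES['audio'], $safeName);
    // Playback should go through an application controller that reads the
    // file and sets Content-Type itself, never through a direct URL into
    // UPLOAD_DIR, since no URL maps to that directory.
    echo 'stored as ' . htmlspecialchars($safeName, ENT_QUOTES, 'UTF-8');
}
```

The allow-list and the sniffed-MIME check address the "file types" half of the fix; the out-of-webroot directory and server-generated filenames address the "storage" half, and together they remove the condition the summary names (a PHP file written where the web server will execute it). Where an upload directory cannot be moved out of the webroot, the web server configuration should additionally refuse to run scripts there (in Apache, for example, `php_admin_flag engine off` or a `<FilesMatch>` block that denies `.php`/`.phtml` requests for that directory), so that a bypass of the handler's checks still cannot turn into code execution.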
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unrestricted file upload in a public-facing web application (Nagios XI) maps to Exploit Public-Facing Application (T1190), and the upload and execution of PHP files as web shells maps to Web Shell (T1100), the combination yielding RCE.