{"vulnerability": "CVE-2019-20197", "sightings": [{"uuid": "a5a464f1-4122-4bcf-a1bd-cd9f712e4b5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20197", "type": "seen", "source": "https://t.me/arpsyndicate/1984", "content": "#ExploitObserverAlert\n\nCVE-2019-20197\n\nDESCRIPTION: Exploit Observer has 5 entries related to CVE-2019-20197. In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account.\n\nFIRST-EPSS: 0.012490000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2023-12-18T12:37:35.000000Z"}, {"uuid": "eac3f2c5-2dfa-4a4e-8150-f98b1f3348be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20197", "type": "seen", "source": "https://t.me/ctinow/211228", "content": "https://ift.tt/Vg8ROEQ\nCVE-2019-20197 | Nagios XI 5.6.9 schedulereport.php id os command injection", "creation_timestamp": "2024-03-19T08:07:05.000000Z"}]}