The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP.
Credits
This vulnerability was discovered by Jaggar Henry and Jim Becher of KoreLogic, Inc.
