Nagios XI could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially crafted request to command_test.php script using the address paramater, an attacker could exploit this vulnerability to execute arbitrary shell commands on the system.
