Some vulnerabilities have been discovered in NagiosQL, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.

Input passed to the "SETS[path][physical]" and "SETS[path][IT]" parameters in functions/prepend_adm.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerabilities are confirmed in version 2.00-P00. Other versions may also be affected.

Solution: Edit the source code to ensure that input is properly verified.

Reproducible: Always
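The advisory's solution ("ensure that input is properly verified") can be met by initialising the settings array from trusted values and checking every include path for containment. The sketch below is an added example, not NagiosQL's code and not part of the original report; `APP_ROOT`, `resolve_include()` and the included file name are hypothetical.

```php
<?php
// Added example: hypothetical hardening pattern, not NagiosQL's actual source.

// Assumption: the install root is fixed at deploy time and never taken from a request.
define('APP_ROOT', __DIR__);

// Assign the whole settings array from trusted values before any include.
// This overwrites whatever register_globals may have populated from
// request parameters such as SETS[path][physical].
$SETS = array(
    'path' => array(
        'physical' => APP_ROOT . '/',
    ),
);

/**
 * Resolve $relative under $base. Returns the real path, or false when the
 * target is missing, is not a regular file, or lies outside $base.
 */
function resolve_include($base, $relative)
{
    // Reject URL-style wrappers (http://, ftp://, php://, data:) and NUL bytes.
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $relative)
        || strpos($relative, "\0") !== false) {
        return false;
    }
    $baseReal = realpath($base);
    $target   = realpath($base . DIRECTORY_SEPARATOR . $relative);
    if ($baseReal === false || $target === false || !is_file($target)) {
        return false;
    }
    // Containment check: the resolved file must sit below the base directory,
    // which also defeats ../ sequences and symlinks pointing elsewhere.
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return $target;
}

// Hypothetical include site; the file name is a placeholder.
$file = resolve_include($SETS['path']['physical'], 'functions/example_class.php');
if ($file === false) {
    header('HTTP/1.1 500 Internal Server Error');
    exit('Configuration error');
}
require $file;
```

Setting `register_globals = Off` and `allow_url_include = Off` in php.ini removes the precondition and the remote-include path independently of the code change; register_globals was removed entirely in PHP 5.4.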
AFAIR we handle issues that require register_globals to be turned on.
This isn't in Nagios, it's in a web-based config tool for Nagios which isn't in portage, NagiosQL. Not our problem.
Oh OK, my fault. Thanks for the information. -closed-