{"id":"CVE-2021-40904","details":"The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session by a user with the role of administrator.","modified":"2026-03-14T11:12:04.996076Z","published":"2022-03-25T23:15:08.187Z","references":[{"type":"WEB","url":"http://checkmk.com"},{"type":"FIX","url":"https://github.com/Edgarloyola/CVE-2021-40904"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/checkmk/checkmk","events":[{"introduced":"adf02f46678361844d794effb70eeca27c268548"},{"fixed":"d5ccd5ecc956e665aca80f3c486f7fa46f409424"}],"database_specific":{"versions":[{"introduced":"1.5.0"},{"fixed":"1.6.0"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40904.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}