Loading
statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.
Use CWE-78, Nagios vendor hub and Nagios product page to widen CVE-2009-2288 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2016-0726, CVE-2014-5009 and CVE-2008-7313 for nearby disclosures in the same product family.