NagVis / nagvis

Visualization addon for your open source monitoring core

Home Page:http://nagvis.org/


SSRF in geomap.php

dontqwerty opened this issue

Problem
If a user is able to edit the NagVis global options, he is able to perform a server-side request forgery.

Explanation
The function geomap_get_contents uses the PHP function file_get_contents to retrieve data from the URL specified in the geomap_server field of the NagVis global options, but there is no validation on the given URL.

Furthermore, as defined here, the content retrieved from the geomap_server URL is written to the file system (on a predictable path) without validation.

Other info
Here is a screenshot of the global configuration page, which allows setting the geomap_server field.
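A defensive check of the kind this report calls for, added here as an illustration and not NagVis's own code: the geomap_server value is validated (scheme allow-list, no embedded credentials, host must resolve to public addresses only) before file_get_contents() is called, and redirects are disabled so a validated host cannot bounce the request to an internal one. Function names are assumptions.

```php
<?php
// Added example, not NagVis code. Validates a user-supplied geomap_server URL
// before it is fetched with file_get_contents().

function is_non_public_ip(string $ip): bool {
    // NO_PRIV_RANGE / NO_RES_RANGE reject RFC1918, loopback, link-local
    // (169.254.0.0/16, i.e. cloud metadata endpoints) and reserved ranges.
    return filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false;
}

// Returns null when the URL is acceptable, otherwise a reason string.
function validate_geomap_server(string $url): ?string {
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return 'malformed URL';
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return 'only http/https allowed'; // blocks file://, php://, ftp:// ...
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return 'credentials in URL not allowed';
    }
    $host = $parts['host'];
    // Literal IPv4 is checked directly; hostnames are resolved and every
    // returned address must be public. Bracketed IPv6 literals fail both
    // paths and are rejected, which is the conservative choice here.
    $ips = filter_var($host, FILTER_VALIDATE_IP) ? [$host] : gethostbynamel($host);
    if (!$ips) {
        return 'host does not resolve';
    }
    foreach ($ips as $ip) {
        if (is_non_public_ip($ip)) {
            return "host resolves to non-public address $ip";
        }
    }
    return null;
}

function fetch_geomap(string $url) {
    if (($err = validate_geomap_server($url)) !== null) {
        error_log("geomap_server rejected: $err");
        return false;
    }
    // follow_location=0: a public host must not redirect us to an internal
    // address after validation passed. timeout bounds a slow remote.
    $ctx = stream_context_create(['http' => ['follow_location' => 0, 'timeout' => 10]]);
    return file_get_contents($url, false, $ctx);
}
```

Resolution happens once at validation time, so a DNS answer that changes between the check and the fetch is not covered by this code alone; pinning the resolved address (for example with a curl handle and CURLOPT_RESOLVE) closes that gap.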