CVE-2018-8734

SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter.
References
Link Resource
https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT Release Notes Vendor Advisory
https://blog.redactedsec.net/exploits/2018/04/26/nagios.html Exploit Technical Description Third Party Advisory
https://gist.github.com/caleBot/f0a93b5a98574393e0139104eacc2d0f Third Party Advisory
https://www.exploit-db.com/exploits/44560/ Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/44969/ Exploit Third Party Advisory VDB Entry
https://www.nagios.com/downloads/nagios-xi/change-log/ Release Notes Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-04-18 00:29

Updated : 2024-02-28 16:25


NVD link : CVE-2018-8734

Mitre link : CVE-2018-8734

CVE.ORG link : CVE-2018-8734


JSON object : View

Products Affected

nagios

  • nagios_xi
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')