SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter.
References
Link | Resource |
---|---|
https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT | Release Notes Vendor Advisory |
https://blog.redactedsec.net/exploits/2018/04/26/nagios.html | Exploit Technical Description Third Party Advisory |
https://gist.github.com/caleBot/f0a93b5a98574393e0139104eacc2d0f | Third Party Advisory |
https://www.exploit-db.com/exploits/44560/ | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/44969/ | Exploit Third Party Advisory VDB Entry |
https://www.nagios.com/downloads/nagios-xi/change-log/ | Release Notes Vendor Advisory |
Configurations
History
No history.
Information
Published : 2018-04-18 00:29
Updated : 2024-02-28 16:25
NVD link : CVE-2018-8734
Mitre link : CVE-2018-8734
CVE.ORG link : CVE-2018-8734
JSON object : View
Products Affected
nagios
- nagios_xi
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')