An SQL injection vulnerability has been discovered within the login functionality of Nagios Core Config Manager.
This vulnerability exists due to the password field not being validated before being used to construct an SQL
query on-the-fly. SQL Injection allows a malicious entity to execute arbitrary SQL statements. This vulnerability
was discovered within the Nagios Core Config Manager shipped within the Nagios XI virtual appliance, which can
be found under http://
- Upgrade to the latest version of Nagios.
- WordPress Plugin Event Espresso Lite-Event Management and Registration System SQL Injection (220.127.116.11)
- WordPress Plugin Comment Rating 'id' Parameter SQL Injection (2.9.23)
- WordPress Plugin WORDPRESS VIDEO GALLERY Multiple Vulnerabilities (2.3.1)
- WordPress Plugin Quiz And Survey Master (Formerly Quiz Master Next) Multiple SQL Injection Vulnerabilities (4.4.3)
- WordPress Plugin WP-Stats 'author' Parameter SQL Injection (2.0)