Description

Nagios XI is vulnerable to an SQL injection vulnerability, which may allow an attacker to execute malicious SQL statements in the Nagios's database. Chaining this vulnerability with others may lead to the full compromise of the server. Consult References for more information

Remediation

Upgrade to the latest version of Nagios XI (this vulnerability was fixed in Nagios XI version 5.4.13).

References

CVE-2018-873X - NagiosXI Vulnerability Chaining; Death By a Thousand Cuts

Related Vulnerabilities

WordPress Plugin AdRotate-Ad manager & AdSense Ads SQL Injection (5.8.3.1)

WordPress Plugin Simple Login Log SQL Injection (1.1.1)

WordPress Plugin WP CSV Exporter SQL Injection (1.3.6)

WordPress Plugin BSK PDF Manager Multiple SQL Injection Vulnerabilities (1.3.2)

WordPress Plugin cdnvote 'cdnvote-post.php' Multiple SQL Injection Vulnerabilities (0.4.1)

Severity

High

Classification

CVE-2018-8734 CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

SQL Injection