WEB APPLICATION VULNERABILITIES Standard & Premium

Nagios XI Unauthenticated SQLi CVE-2018-8734

Description

Nagios XI is vulnerable to an SQL injection vulnerability, which may allow an attacker to execute malicious SQL statements in the Nagios's database. Chaining this vulnerability with others may lead to the full compromise of the server. Consult References for more information

Remediation

Upgrade to the latest version of Nagios XI (this vulnerability was fixed in Nagios XI version 5.4.13).

References

CVE-2018-873X - NagiosXI Vulnerability Chaining; Death By a Thousand Cuts

Related Vulnerabilities

WordPress Plugin WordPress Alipay/Tenpay/PayPal SQL Injection (3.7.2)

WordPress Plugin BBS e-Franchise SQL Injection (1.1.1)

WordPress Plugin WordPress Users 'uid' Parameter SQL Injection (1.3)

WordPress Plugin Kama Click Counter SQL Injection (3.4.9)

WordPress 'admin-ajax.php' SQL Injection Vulnerability (2.1.3)

Severity

High

Classification

CVE-2018-8734 CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags