Description

Nagios XI is vulnerable to an SQL injection vulnerability, which may allow an attacker to execute malicious SQL statements in the Nagios's database. Chaining this vulnerability with others may lead to the full compromise of the server. Consult References for more information

Remediation

Upgrade to the latest version of Nagios XI (this vulnerability was fixed in Nagios XI version 5.4.13).

References

CVE-2018-873X - NagiosXI Vulnerability Chaining; Death By a Thousand Cuts

Related Vulnerabilities

WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker SQL Injection (9.0.1)

WordPress Plugin WP eCommerce SQL Injection (3.11.3)

WordPress Plugin ProPlayer 'pp_playlist_id' Parameter SQL Injection (4.7.7)

WordPress Plugin Good LMS-Learning Management System SQL Injection (2.1.4)

WordPress Plugin GiveWP-Donation and Fundraising Platform SQL Injection (2.5.0)

Severity

High

Classification

CVE-2018-8734 CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

SQL Injection