Vendor: Nagios XI
By: Matthew Aberegg
CVSS: 7.5 (HIGH)
Authenticated SQL Injection
CWE: 89
Product Name: Nagios XI
Affected Version From: Nagios XI 5.7.3
Affected Version To: Nagios XI 5.7.3
Patch Exists: YES
Related CWE: N/A
CPE: a:nagios:nagios_xi
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Ubuntu 18.04
2020

Nagios XI 5.7.3 – ‘Manage Users’ Authenticated SQL Injection

A blind SQL injection vulnerability exists in the 'Manage Users' functionality of the Core Config Manager of Nagios XI. The vulnerable parameter is 'id'.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.

Exploit-DB raw data: