Nagios: >> Nagios Xi >> 5.6.9 Security Vulnerabilities
In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account.
CVSS Score
8.8
EPSS Score
0.224
Published
2019-12-31
In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. Any authenticated user can attack the admin user.
CVSS Score
5.4
EPSS Score
0.261
Published
2019-12-30
SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php.
CVSS Score
7.5
EPSS Score
0.032
Published
2013-11-26
Page 13