Nagios: >> Nagios Xi >> 5.2.6 Security Vulnerabilities
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter.
CVSS Score
7.2
EPSS Score
0.832
Published
2018-05-16
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.
CVSS Score
7.2
EPSS Score
0.832
Published
2018-05-16
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.
CVSS Score
7.2
EPSS Score
0.832
Published
2018-05-16
Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection vulnerability.
CVSS Score
9.8
EPSS Score
0.771
Published
2018-04-18
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter.
CVSS Score
9.8
EPSS Score
0.79
Published
2018-04-18
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection.
CVSS Score
8.8
EPSS Score
0.725
Published
2018-04-18
A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RCE vulnerability escalating to root.
CVSS Score
8.8
EPSS Score
0.646
Published
2018-04-18
SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php.
CVSS Score
7.5
EPSS Score
0.197
Published
2013-11-26
Page 14