Описание
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter.
Ссылки
- Release NotesVendor Advisory
- ExploitTechnical DescriptionThird Party Advisory
- Third Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- ExploitTechnical DescriptionThird Party Advisory
- Third Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 5.2.0 (включая) до 5.4.13 (исключая)
cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.79015
Высокий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 9.8
ubuntu
почти 8 лет назад
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter.
CVSS3: 9.8
github
больше 3 лет назад
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter.
EPSS
Процентиль: 99%
0.79015
Высокий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89