Описание
Nagios XI versions prior to 5.6.14 contain a post-authentication SQL injection vulnerability in the SNMP Trap Interface page. Exploitation requires an account with administrative privileges to access the affected interface. A user with administrative access could supply crafted input that is not properly sanitized, allowing SQL injection that may lead to unauthorized disclosure or modification of application data or execution of arbitrary SQL commands against the backend database.
Ссылки
- Release Notes
- Release Notes
- Third Party Advisory
Уязвимые конфигурации
EPSS
7.2 High
CVSS3
Дефекты
Связанные уязвимости
Nagios XI versions prior to 5.6.14 contain a post-authentication SQL injection vulnerability in the SNMP Trap Interface page. Exploitation requires an account with administrative privileges to access the affected interface. A user with administrative access could supply crafted input that is not properly sanitized, allowing SQL injection that may lead to unauthorized disclosure or modification of application data or execution of arbitrary SQL commands against the backend database.
Уязвимость интерфейса SNMP Trap Interface инструмента для мониторинга Nagios XI, позволяющая нарушителю выполнить произвольные команды
EPSS
7.2 High
CVSS3