Description
An SQL injection vulnerability has been discovered within the login functionality of Nagios Core Config Manager. This vulnerability exists due to the password field not being validated before being used to construct an SQL query on-the-fly. SQL Injection allows a malicious entity to execute arbitrary SQL statements. This vulnerability was discovered within the Nagios Core Config Manager shipped within the Nagios XI virtual appliance, which can be found under http://<vmlocation>/nagiosql/index.php
Remediation
Upgrade to the latest version of Nagios.
References
Related Vulnerabilities
WordPress Plugin WordPress Photo Gallery by Gallery Bank SQL Injection (3.0.101)
WordPress Plugin WP Visitor Statistics (Real Time Traffic) SQL Injection (6.8.1)
WordPress Plugin FileBird-WordPress Media Library Folders & File Manager SQL Injection (4.7.3)
WordPress Plugin WP-StarsRateBox 'j' Parameter SQL Injection (1.1)