Description

Nagios XI is vulnerable to an SQL injection vulnerability, which may allow an attacker to execute malicious SQL statements in the Nagios's database. Chaining this vulnerability with others may lead to the full compromise of the server. Consult References for more information

Remediation

Upgrade to the latest version of Nagios XI (this vulnerability was fixed in Nagios XI version 5.4.13).

References

CVE-2018-873X - NagiosXI Vulnerability Chaining; Death By a Thousand Cuts

Related Vulnerabilities

WordPress Plugin WonderPlugin Audio Player Multiple Vulnerabilities (2.0)

WordPress Plugin WishList Member X SQL Injection (3.25.1)

WordPress Plugin Pierre's Wordspew 'wordspew.php' Multiple SQL Injection Vulnerabilities (5.61)

WordPress Plugin Mz-jajak 'id' Parameter SQL Injection (2.1)

WordPress Plugin WP Maps-Display Google Maps Perfectly with Ease SQL Injection (4.6.1)

Severity

High

Classification

CVE-2018-8734 CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

SQL Injection