Description
Nagios XI is vulnerable to an SQL injection vulnerability, which may allow an attacker to execute malicious SQL statements in the Nagios's database. Chaining this vulnerability with others may lead to the full compromise of the server. Consult References for more information
Remediation
Upgrade to the latest version of Nagios XI (this vulnerability was fixed in Nagios XI version 5.4.13).
References
Related Vulnerabilities
WordPress Plugin WordPress Users 'uid' Parameter SQL Injection (1.3)
WordPress Plugin Events Manager Extended 'admin.php' SQL Injection (3.1.2)
WordPress Plugin JS Help Desk (formerly JS Support Ticket) SQL Injection (2.1.0)
WordPress Plugin WP Visitor Statistics (Real Time Traffic) SQL Injection (5.5)