Lucene search
PRIOn knowledge basePRION:CVE-2019-12279HistoryMay 22, 2019 - 4:29 p.m.
Sql injection
2019-05-2216:29:00
PRIOn knowledge base
www.prio-n.com
8
DISPUTED Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). NOTE: The vendor disputes this issues as not being a vulnerability because the issue does not seem to be a legitimate SQL Injection. The POC does not show any valid injection that can be done with the variable provided, and while the username value being passed does get used in a SQL query, it is passed through SQL escaping functions when creating the call. The vendor tried re-creating the issue with no luck.
Related
packetstorm
packetstorm
Nagios XI 5.6.1 SQL Injection
2019-05-23 00:00:00
nvd
nvd
CVE-2019-12279
2019-05-22 16:29:01
zdt
zdt
Nagios XI 5.6.1 SQL Injection Vulnerability
2019-05-23 00:00:00
cve
cve
CVE-2019-12279
2019-05-22 16:29:01
exploitpack
exploitpack
Nagios XI 5.6.1 - SQL injection
2019-05-23 00:00:00
cvelist
cvelist
CVE-2019-12279
2019-05-22 15:04:48
exploitdb
exploitdb
Nagios XI 5.6.1 - SQL injection
2019-05-23 00:00:00