CyberSec.Space Logo
Back to CVE Browser

CVE-2019-9165

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0330%
EPSS Percentile2.33th
PublishedMar 28, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id.

Affected Platforms (CPE)

πŸ“¦
Nagios

Nagios Xi

< 5.5.11

References & Advisories

πŸ”— http://packetstormsecurity.com/files/152496/Nagios-XI-5.5.10-XSS-Remote-Code-Execution.html
πŸ”— https://www.nagios.com/downloads/nagios-xi/change-log/
πŸ”— https://www.nagios.com/products/security/
πŸ”— http://packetstormsecurity.com/files/152496/Nagios-XI-5.5.10-XSS-Remote-Code-Execution.html
πŸ”— https://www.nagios.com/downloads/nagios-xi/change-log/
πŸ”— https://www.nagios.com/products/security/

Related Vulnerabilities

CVE-2002-195910.0

Nagios 1.0b1 through 1.0b3 allows remote attackers to execute arbitrary commands via shell metacharacters in plugin output.

CVE-2019-92049.8

SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands.

CVE-2018-171489.8

An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snaps...

CVE-2019-92039.8

Authorization bypass in Nagios IM (component of Nagios XI) before 2.2.7 allows closing incidents in IM via the API.