CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-8734

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1910%
EPSS Percentile1.54th
Published2018年4月18日
Last Modified2024年11月21日

Vulnerability Description

SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter.

Affected Platforms (CPE)

📦
Nagios

Nagios Xi

>= 5.2.0 and < 5.4.13

References & Advisories

🔗 https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT
🔗 https://blog.redactedsec.net/exploits/2018/04/26/nagios.html
🔗 https://gist.github.com/caleBot/f0a93b5a98574393e0139104eacc2d0f
🔗 https://www.exploit-db.com/exploits/44560/
🔗 https://www.exploit-db.com/exploits/44969/
🔗 https://www.nagios.com/downloads/nagios-xi/change-log/
🔗 https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT
🔗 https://blog.redactedsec.net/exploits/2018/04/26/nagios.html

相关漏洞威胁

CVE-2002-195910.0

Nagios 1.0b1 through 1.0b3 allows remote attackers to execute arbitrary commands via shell metacharacters in plugin output.

CVE-2018-171489.8

An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snaps...

CVE-2018-87339.8

Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenti...

CVE-2018-157089.8

Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.