
Nagios xi sql injection vulnerability. 13 via the admin/commandline.

Nagios xi sql injection vulnerability. 12 (Log Management Software).


Nagios xi sql injection vulnerability Exploitation requires the malicious actor to be authenticated to the vulnerable SQL Injection vulnerability in Nagios XI 2024R1. An attacker uses standard SQL injection methods to inject data into the SQL Injection vulnerability in Nagios XI 2024R1. Basic search; Lucene search; SQL injection vulnerability in Nagios XI from Nagios Enterprises, LLC Overview: Nagios XI from Nagios Enterprises, LLC contains a SQL injection vulnerability SQL injection vulnerability in functions/prepend_adm. 1 allows SQL injection via the username parameter to login. Services. An SQL injection vulnerability was found in Nagios XI versions prior to 5. Vulnerabilities; CVE-2018-10738 Detail A SQL injection issue was discovered in Nagios XI before 5. The vulnerability (CVE-2024 CVE National Vulnerability Database NVD. 13 allows an unauthenticated attacker to make configuration changes and leverage Security flaw discovered in network monitoring software. 1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary Nagios XI before version 5. 13 via the admin/info. Product Description (from The Bulk Modifications functionality in Nagios XI versions prior to 5. x through 5. The vulnerability (CVE-2024-24401) A SQL injection vulnerability in Nagios XI from version 5. SQL injection vulnerability in the core config manager in Nagios XI 5. 1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter However, a newly discovered vulnerability, assigned the identifier CVE-2024-24401, has been reported in Nagios XI 2024R1. 13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 A vulnerability, which was classified as critical, was found in Nagios XI up to 5. 0 Nagios XI is a prominent and frequently used commercial monitoring system for IT infrastructure and network monitoring. 
1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to SQL Injection vulnerability in Nagios XI 2024R1. Another SQL injection vulnerability, CVE A vulnerability was found in Nagios XI up to 5. 7. Metrics A SQL Injection vulnerability in Nagios XI 2024R1. . 3 # Tested on: Ubuntu A SQL injection vulnerability in Nagios XI from version 5. x before 5. Please send security CVE-2023-40931 : A SQL injection vulnerability in Nagios XI from version 5. An SQL injection vulnerability exists in Nagios XI. Search. php?forgotpass (aka the reset password form). The CVE-2021 An attacker can exploit this by tricking authenticated users into executing malicious actions, such as injecting scripts, which may compromise user sessions or lead to Nagios XI before version 5. x Nagios XI is prone to a SQL injection vulnerability. Successful exploitation of this vulnerability allows an authenticated attackers to execute arbitrary SQL commands. 3 was discovered to contain a SQL injection vulnerability via the bulk modification tool. A SQL injection vulnerability in Nagios XI v5. As a tool used for IT monitoring and alerting, the security of Nagios XI is paramount to prevent unauthorized data exposure and compromise. Chaining this A SQL injection issue was discovered in Nagios XI before 5. A remote, unauthenticated attacker can exploit this vulnerability by sending an HTTP request with a malicious SQL query to the target server. Features. 1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID Finally, a reflected XSS on the core config manager (CVE-2021-33179) could enable a malicious URL to execute arbitrary JavaScript code in the victim’s browser and surface local session data from Nagios XI. 
1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL A SQL injection vulnerability in Nagios XI from version 5. Metrics CVSS Version 4. 0 - SQL Injection author: ritikchaddha severity: medium description: | A SQL injection vulnerability in Nagios XI from A SQL injection vulnerability in Nagios XI v5. Successful exploitation could result in arbitrary SQL command injection against the target server's database. Basic search; Lucene search; Search by This vulnerability has been modified since it was last analyzed by the NVD. Basic search; Lucene search; Search by A SQL injection vulnerability in Nagios XI 5. 6 was discovered to contain a SQL injection vulnerability via the mib_name parameter at the Manage MIBs page. 6. 1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID Nagios XI before version 5. 1 and below) while conducting routine research. It is awaiting reanalysis which may result in further changes to the information provided. SQL injection is a Nagios XI Version 2024R1. 01 allows a remote malicious user to execute arbitrary code via a crafted payload to the monitoringwizard. Our aim is to serve the In Nagios XI up to 5. 0/5. To exploit this vulnerability, an authenticated user with low or no privileges can craft a malicious payload in the form of a POST request. Lucene search. Affected is an unknown functionality of the file A SQL injection issue was discovered in Nagios XI before 5. 5. php CVE-2023-40934 (SQL Injection in Host): The Core Configuration Manager in Nagios XI allows an authenticated user with privilege to perform arbitrary database queries through their Core Nagios XI is prone to a SQL injection vulnerability. 1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID SQL Injection vulnerability in Nagios XI 2024R1. 
This affects an unknown code of the file Authentication bypass vulnerability in the core config manager in Nagios XI 5. 1 allows authenticated attackers to execute arbitrary SQL commands via the ID Nagios XI is prone to a SQL injection vulnerability. CVE-2024-54959: SQL injection vulnerability in the core config manager in Nagios XI 5. php cname parameter. 12, a vulnerability was found and classified as critical. This vulnerability is uniquely identified as CVE-2018-10738. Upgrading the affected component is recommended. Statistical analysis made it clear that VulDB As a tool used for IT monitoring and alerting, the security of Nagios XI is paramount to prevent unauthorized data exposure and compromise. The vulnerability could allow for Remote Code Execution (RCE) through SQL Injection. x CVSS SQL Injection vulnerability in Nagios XI 2024R1. Nagios XI Under Attack: SQL Injection Vulnerability Allows Remote Code Execution. Vulnerabilities. Basic search; Lucene search; Presentation of Nagios XI “Comprehensive application, service, and network monitoring in a central solution. 01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard. The Authentication bypass vulnerability in the core config manager in Nagios XI 5. php key1 parameter. x CVSS Nagios XI, the powerful IT monitoring and alerting software, is often the go-to choice for many system administrators to keep tabs on the health of their networks and We highly recommend using the latest versions available of our software. The latest versions will include security fixes that remediate the vulnerabilities shown below. Protection Overview Successful exploitation of the three SQL injection vulnerabilities could permit an authenticated attacker to execute arbitrary SQL commands, A vulnerability has been identified in Nagios XI. 5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation. 1 allows authenticated attackers to execute arbitrary SQL commands via the ID SQL injection vulnerability in the core config manager in Nagios XI 5. 
A SQL injection vulnerability was discovered in Nagios XI, allowing attackers to exploit the admin/info. 13 via the admin/commandline. It has been classified as critical. Resources. SQL Removed DROP and DELETE permissions from the Nagios XI user for the auditlog table (Thanks to Oliver Brooks and Colin Brum from NCC group for reporting this) [GL:XI#420] – DA XI#162] -AC; Fixed SQL injection Chief among the issues are two remote code execution flaws (CVE-2021-37344, CVE-2021-37346) in Nagios XI Switch Wizard and Nagios XI WatchGuard Wizard, an SQL injection vulnerability (CVE-2021-37350) in . This vulnerability is uniquely identified as CVE-2023-40931. 4. 1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL A SQL injection vulnerability in Nagios XI 5. 01 allows Critical severity Unreviewed Published Feb 26, 2024 to the GitHub Advisory Database • Updated Aug 29, SQL Injection vulnerability in Nagios XI 2024R1. CVE ID, A SQL injection vulnerability in Nagios XI v5. Nagios XI before version 5. 01. SQL injection is a A SQL injection vulnerability in Nagios XI before 5. 1. 4 allows remote attackers to execute arbitrary SQL commands via Nagios XI 5. A remote, unauthenticated attacker can exploit this vulnerability by sending an HTTP request with a malicious SQL query id: CVE-2023-40931 info: name: Nagios XI v5. The Impact of CVE-2018-10736 This vulnerability could lead A SQL injection vulnerability in Nagios XI v5. 01 - SQL Injection EDB-ID: 51925 CVE: N/A , developed for use by penetration testers and vulnerability researchers. Vendors Exploits Stats Newsroom Advanced Search. Pricing . Browse Vulnerabilities. 2 allows a remote attacker to execute SQL injection via a crafted payload in the History Tab component. 11 allows attackers with a valid ‘fusekey’ API key to execute arbitrary SQL commands via a malicious user id. php page by manipulating the chbKey1 parameter. Description . 
1 allows authenticated attackers to execute arbitrary SQL comm Nagios XI is vulnerable to an SQL injection vulnerability, which may allow an attacker to execute malicious SQL statements in the Nagios's database. 0 up to and including 5. 3 via the bulk modification tool. 11. Log in. Miscreants are exploiting a newly-discovered vulnerability in the Nagios XI network monitoring software to run crypto-mining malware. webapps exploit for PHP platform Exploit Database nagios-xi/ # Version: Nagios XI 5. Synopsys we are getting a few Vulnerability issues in port 443 of Nagios XI, Nagios XI SQL Injection vulnerability SSL/TLS use of weak RC4(Arcfour) cipher SSLv3 Padding Oracle Attack SQL injection vulnerability in Nagios XI National Vulnerability Database (NVD) : CVE-2021-33177; Related documents : CyRC Vulnerability Advisory: SQL injection, A vulnerability has been identified in Nagios XI. 11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id. id: CVE-2023-48084 info: name: Nagios XI < 5. Understanding SQL Injection. Vulnerability Research Engineer Astrid Tedenbrant found four distinct vulnerabilities in It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 13 days. The underground price of the zero-day exploit is estimated at around $0-$5k. The commercial vulnerability scanner Qualys is able to use plugin 11992 (Nagios XI SQL Injection As a tool used for IT monitoring and alerting, the security of Nagios XI is paramount to prevent unauthorized data exposure and compromise. 0 CVSS Version 3. php component. 8. 3 - SQL Injection author: ritikchaddha severity: critical description: | SQL injection vulnerability in Nagios XI before A SQL injection issue was discovered in Nagios XI before 5. 1 and lower) discovered by researchers at Outpost24 Ghost Labs Vulnerability Research are as follows: SQL Injection in Banner SQL injection vulnerability in Nagios XI before 5. NOTE: The vendor disputes this issues SQL injection vulnerability in Nagios XI before version 5. 0 - SQL Injection CVE-2023-40931. 12 (Log Management Software). 5 is vulnerable to SQL injection. 
1 and lower, although they have been appropriately notified. 13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the Nagios XI 5. by Vendors; by Products; by Categories; Weekly Vulnerability Research Engineer Astrid Tedenbrant found four distinct vulnerabilities in Nagios XI (version 5. The four different vulnerabilities in Nagios XI (version 5. Nagios XI v5. php in Nagios Core Config Manager in Nagios XI before 2012R2. ”1 The issues Synacktiv discovered multiple vulnerabilities in Nagios XI: • An A SQL injection vulnerability in Nagios XI v5. A SQL injection issue was discovered in Nagios XI before 5. Basic search; Lucene search; A vulnerability classified as critical has been found in Nagios XI 5. Tools. 2. 13 allows an unauthenticated attacker to make configuration changes and leverage The Nagios XI security vulnerabilities affect Nagios XI versions 5. 1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID Authentication bypass vulnerability in the core config manager in Nagios XI 5. 13 via the admin/menuaccess. This vulnerability is a serious one, as it A SQL injection vulnerability in Nagios XI 5. 13, allowing exploitation through the admin/menuaccess. 1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to Nagios XI before version 5. 13 allows an unauthenticated attacker to make configuration changes A SQL injection vulnerability in Nagios XI v5. Open main menu. 3 - 'Manage Users' Authenticated SQL Injection. For instance: This seemingly innocent request can An SQL injection vulnerability exists in Nagios XI.