A vulnerable version of Nagios XI has been detected.
Versions of Nagios XI prior to 2012R2.4 are affected by an SQL injection vulnerability in the Nagios Core Configuration Manager. The Nagios Core Configuration Manager is a web-based configuration tool for Nagios XI and is based on the NagiosQL configuration tool. The vulnerability exists in the 'functions/prepend_adm.php' script, which fails to properly sanitize user-supplied input to the 'tfPassword' parameter before using it in database queries. An attacker could execute arbitrary SQL commands leading to manipulation or disclosure of arbitrary data.
Upgrade to Nagios XI 2012R2.4 or later.