Nagios XI 2011R1.9 Multiple SQL Injection Vulnerabilities

medium Nessus Network Monitor Plugin ID 8364

Synopsis

A vulnerable version of Nagios XI has been detected.

Description

Nagios XI 2011R1.9 is affected by multiple SQL injection vulnerabilities because it fails to sanitize user input. The vulnerable scripts are 'hostgroups.php', 'services.php', 'hosts.php', and 'servicegroups.php'. Successful exploitation would allow an attacker to access and modify data and compromise the application. Note that the attacker must be authenticated to exploit these vulnerabilities.

Solution

Upgrade to Nagios XI CCM 2012 Full Beta or higher.

See Also

http://seclists.org/bugtraq/2012/Jul/10

http://seclists.org/bugtraq/2012/Nov/116

http://labs.nagios.com/2012/04/13/nagios-xi-ccm-full-beta/

Plugin Details

Severity: Medium

ID: 8364

Family: CGI

Published: 8/25/2014

Updated: 3/6/2019

Nessus ID: 64690

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 6.3

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:nagios:nagios_xi

Patch Publication Date: 6/7/2012

Vulnerability Publication Date: 11/30/2012

Reference Information

BID: 56761