Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Nagios XI 2011R1.9 Multiple SQL Injection Vulnerabilities

Medium

Synopsis

A vulnerable version of Nagios XI has been detected.

Description

Nagios XI 2011R1.9 is affected by multiple SQL injection vulnerabilities due to failure to sanitize user input. Scripts containing these vulnerabilities are the 'hostgroups.php', 'services.php', 'hosts.php', and 'servicegroups.php' scripts. Successful exploitation of these vulnerabilities would allow the attacker to access and modify data and compromise the application. Note that the attacker must be authenticated to exploit these vulnerabilities.

Solution

Upgrade to Nagios XI CCM 2012 Full Beta or higher.