CVE-2018-10737
https://notcve.org/view.php?id=CVE-2018-10737
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.
• https://www.seebug.org/vuldb/ssvid-97267
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-10735
https://notcve.org/view.php?id=CVE-2018-10735
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.
• https://www.seebug.org/vuldb/ssvid-97265
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-8734 – Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-8734
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter.
• https://www.exploit-db.com/exploits/44969
• https://www.exploit-db.com/exploits/44560
• https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT
• https://blog.redactedsec.net/exploits/2018/04/26/nagios.html
• https://gist.github.com/caleBot/f0a93b5a98574393e0139104eacc2d0f
• https://www.nagios.com/downloads/nagios-xi/change-log
• http://blog.redactedsec.net/exploits/2018/04/26/nagios.html
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-8736 – Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-8736
A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RCE vulnerability escalating to root.
• https://www.exploit-db.com/exploits/44969
• https://www.exploit-db.com/exploits/44560
• https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT
• https://blog.redactedsec.net/exploits/2018/04/26/nagios.html
• https://gist.github.com/caleBot/f0a93b5a98574393e0139104eacc2d0f
• https://www.nagios.com/downloads/nagios-xi/change-log
• http://blog.redactedsec.net/exploits/2018/04/26/nagios.html
CVE-2018-8735 – Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-8735
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection.
• https://www.exploit-db.com/exploits/44969
• https://www.exploit-db.com/exploits/44560
• https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT
• https://blog.redactedsec.net/exploits/2018/04/26/nagios.html
• https://gist.github.com/caleBot/f0a93b5a98574393e0139104eacc2d0f
• https://www.nagios.com/downloads/nagios-xi/change-log
• http://blog.redactedsec.net/exploits/2018/04/26/nagios.html
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')