CVSS: 7.2 EPSS: 3% CPEs: 2 EXPL: 1

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter. • https://www.seebug.org/vuldb/ssvid-97268 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.2 EPSS: 3% CPEs: 2 EXPL: 1

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter. • https://www.seebug.org/vuldb/ssvid-97267 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.2 EPSS: 3% CPEs: 2 EXPL: 1

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter. • https://www.seebug.org/vuldb/ssvid-97265 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.5 EPSS: 0% CPEs: 1 EXPL: 0

An issue was discovered in Nagios XI 5.4.13. A registered user is able to use directory traversal to read local files, as demonstrated by URIs beginning with index.php?xiwindow=./ and config/?xiwindow=../ substrings. • http://code610.blogspot.com/2018/04/few-bugs-in-latest-nagios-xi-5413.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 5.4 EPSS: 0% CPEs: 1 EXPL: 1

An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the update_pages function; (3) the ajaxhelper.php opts or background parameter; (4) the i[] array parameter to ajax_handler.php; or (5) the deploynotification.php title parameter. • http://code610.blogspot.com/2018/04/few-bugs-in-latest-nagios-xi-5413.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-352: Cross-Site Request Forgery (CSRF)