Published: 18/04/2018 Updated: 05/03/2019

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SQL injection vulnerability in the core config manager in Nagios XI 5.2.x up to and including 5.4.x prior to 5.4.13 allows an malicious user to execute arbitrary SQL commands via the selInfoKey1 parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nagios nagios xi

Nagios XI versions 526 up to 529, 53, and 54 chained remote root exploit ...

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::EXE include Msf::Exploit::CmdStager def initialize(info = {}) s ...

# Exploit Title: Nagios XI 52[6-9], 53, 54 Chained Remote Root # Date: 4/17/2018 # Exploit Authors: Benny Husted, Jared Arave, Cale Smith # Contact: twittercom/iotennui || twittercom/BennyHusted || twittercom/0xC413 # Vendor Homepage: wwwnagioscom/ # Software Link: assetsnagioscom/downloads/nagiosx ...

Fixed exploit for Nagios CVE-2018-8733, CVE-2018-8734, CVE-2018-8735, CVE-2018-8736 https://www.exploit-db.com/exploits/44560/

Nagios-XI-526-9-53-54-Chained-Remote-Root-Exploit-Fixed Fixed exploit for Nagios CVE-2018-8733, CVE-2018-8734, CVE-2018-8735, CVE-2018-8736 wwwexploit-dbcom/exploits/44560/

CWE-89 https://www.nagios.com/downloads/nagios-xi/change-log/https://gist.github.com/caleBot/f0a93b5a98574393e0139104eacc2d0f https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT https://www.exploit-db.com/exploits/44560/https://blog.redactedsec.net/exploits/2018/04/26/nagios.html https://www.exploit-db.com/exploits/44969/https://nvd.nist.gov https://github.com/xfer0/Nagios-XI-5.2.6-9-5.3-5.4-Chained-Remote-Root-Exploit-Fixed https://packetstormsecurity.com/files/147413/Nagios-XI-5.x-Chained-Remote-Root.html https://www.exploit-db.com/exploits/44969/

CVE-2018-8734

Vulnerability Summary

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect