SQL injection vulnerability in Nagios XI prior to 5.5.11 allows malicious users to execute arbitrary SQL commands via the API when using fusekeys and malicious user id.
Various vulnerabilities have been found in Nagios XI version 5510, which allow a remote attacker able to trick an authenticated victim (with "autodiscovery job" creation privileges) to visit a malicious URL to obtain a remote root shell via a reflected cross site scripting, an authenticated remote code Execution and a local privilege escalation ...