High severityNVD Advisory· Published Aug 5, 2025· Updated Apr 15, 2026

CVE-2012-10029

Description

Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in visApi.php. An authenticated user can inject system commands via unsanitized parameters such as host, resulting in remote code execution.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstorm.news/files/id/118705/nvd
raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/nagios_graph_explorer.rbnvd
www.exploit-db.com/exploits/23227nvd
www.nagios.com/products/nagios-xi/nvd
www.vulncheck.com/advisories/nagios-xi-network-monitor-graph-explorer-component-auth-command-injectionnvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.041
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000