VYPR
Unrated severityNVD Advisory· Published May 22, 2019· Updated Aug 4, 2024

CVE-2019-12279

CVE-2019-12279

Description

Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). NOTE: The vendor disputes this issues as not being a vulnerability because the issue does not seem to be a legitimate SQL Injection. The POC does not show any valid injection that can be done with the variable provided, and while the username value being passed does get used in a SQL query, it is passed through SQL escaping functions when creating the call. The vendor tried re-creating the issue with no luck

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Nagios/Nagios XIdescription
  • Nagios/Nagiosllm-fuzzy
    Range: = 5.6.1

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.