VYPR

Nagiosxi

by Nagios

CVEs (15)

  • CVE-2018-8734CriApr 18, 2018
    risk 0.71cvss 9.8epss 0.53

    SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter.

  • CVE-2018-8735HigApr 18, 2018
    risk 0.65cvss 8.8epss 0.64

    Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection.

  • CVE-2019-9165CriMar 28, 2019
    risk 0.64cvss 9.8epss 0.05

    SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id.

  • CVE-2018-8736HigApr 18, 2018
    risk 0.64cvss 8.8epss 0.47

    A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RCE vulnerability escalating to root.

  • CVE-2019-9164HigMar 28, 2019
    risk 0.61cvss 8.8epss 0.46

    Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job.

  • CVE-2019-9166HigMar 28, 2019
    risk 0.51cvss 7.8epss 0.01

    Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php.

  • CVE-2018-10738HigMay 16, 2018
    risk 0.50cvss 7.2epss 0.43

    A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.

  • CVE-2018-10736HigMay 16, 2018
    risk 0.50cvss 7.2epss 0.43

    A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter.

  • CVE-2018-10735HigMay 16, 2018
    risk 0.50cvss 7.2epss 0.43

    A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.

  • CVE-2020-22427HigFeb 15, 2021
    risk 0.48cvss 7.2epss 0.14

    NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes whether the CVE and its references are actionable because all technical details are omitted, and…

  • CVE-2018-10553MedApr 30, 2018
    risk 0.45cvss 6.5epss 0.39

    An issue was discovered in Nagios XI 5.4.13. A registered user is able to use directory traversal to read local files, as demonstrated by URIs beginning with index.php?xiwindow=./ and config/?xiwindow=../ substrings.

  • CVE-2021-37223MedOct 5, 2021
    risk 0.43cvss 6.5epss 0.08

    Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, the…

  • CVE-2019-9167MedMar 28, 2019
    risk 0.41cvss 6.1epss 0.22

    Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.

  • CVE-2018-20171MedDec 17, 2018
    risk 0.40cvss 6.1epss 0.02

    An issue was discovered in Nagios XI before 5.5.8. The url parameter of rss_dashlet/magpierss/scripts/magpie_simple.php is not filtered, resulting in an XSS vulnerability.

  • CVE-2018-10554MedApr 30, 2018
    risk 0.35cvss 5.4epss 0.03

    An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the update_pages…