SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php.
2013-11-26T16:55:03.057
2025-04-11T00:51:21.963
Deferred
CVSSv2: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | nagios | nagios_xi | ≤ 2012r2.3 | Yes |
Application | nagios | nagios_xi | 2012 | Yes |
Application | nagios | nagios_xi | 2012 | Yes |
Application | nagios | nagios_xi | 2012 | Yes |
Application | nagios | nagios_xi | 2012r1.0 | Yes |
Application | nagios | nagios_xi | 2012r1.1 | Yes |
Application | nagios | nagios_xi | 2012r1.2 | Yes |
Application | nagios | nagios_xi | 2012r1.3 | Yes |
Application | nagios | nagios_xi | 2012r1.4 | Yes |
Application | nagios | nagios_xi | 2012r1.5 | Yes |
Application | nagios | nagios_xi | 2012r1.6 | Yes |
Application | nagios | nagios_xi | 2012r1.7 | Yes |
Application | nagios | nagios_xi | 2012r1.8 | Yes |
Application | nagios | nagios_xi | 2012r1.9 | Yes |
Application | nagios | nagios_xi | 2012r2.0 | Yes |
Application | nagios | nagios_xi | 2012r2.1 | Yes |
Application | nagios | nagios_xi | 2012r2.2 | Yes |