Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-47693

The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.3 / Nagios XI 5.8.5 contains a SQL injection vulnerability in the search text handling. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to inject SQL fragments. Successful exploitation could lead to unauthorized disclosure or modification of configuration and application data, and in some environments could allow further compromise of the application or backend database.

Published

2025-10-30T22:15:40.673

Last Modified

2025-11-06T18:19:57.933

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Secondary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nagios	nagios_xi	< 5.8.5	Yes

References

https://www.nagios.com/changelog/nagios-xi/ Release Notes ([email protected])
https://www.vulncheck.com/advisories/nagios-xi-ccm-sqli-via-improper-escaping-in-search-text Third Party Advisory ([email protected])