漏洞描述
Nagios XI是一个流行的和广泛使用的商业监控解决方案,用于IT基础设施和网络监控,Nagios XI存在sql注入漏洞,此漏洞是由于banner_message-ajaxhelper.php接口对用户的请求验证不当导致的。
Nagios XI banner_message-ajaxhelper.php SQL注入漏洞
PoC代码
暂无相关漏洞推荐
- Nagios XI-默认口令漏洞
- Nagios Log Server 需授权 命令注入漏洞
- Nagios Log Server 权限管理不当漏洞
- POC CVE-2018-10735: NagiosXI <= 5.4.12 `commandline.php` SQL injection
- POC CVE-2018-10736: NagiosXI <= 5.4.12 - SQL injection
- POC CVE-2018-10737: NagiosXI <= 5.4.12 logbook.php SQL injection
- POC CVE-2018-10738: NagiosXI <= 5.4.12 menuaccess.php - SQL injection
- POC CVE-2021-25296: Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection
- POC CVE-2021-25297: Nagios 5.5.6-5.7.5 - Authenticated Remote Command Injection
- POC CVE-2021-25298: Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection
- POC CVE-2021-25299: Nagios XI 5.7.5 - Cross-Site Scripting
- POC CVE-2021-38156: Nagios XI < 5.8.6 - Cross-Site Scripting
- POC CVE-2022-29272: Nagios XI <5.8.5 - Open Redirect