Arbitrary SQL Command Execution in Nagios XI Core Config Manager

Arbitrary SQL Command Execution in Nagios XI Core Config Manager

CVE-2018-8734 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter.

Learn more about our Cis Benchmark Audit For Apple Ios.