|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-03-26 | |
| Rule Name: | Nagios XI SNMP Trap SQL Injection Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | SQL injection vulnerability was reported in Nagios Enterprises before version 5.7.4 of Nagios XI. This vulnerability is due to insufficient validation of the input parameters in the SNMP Trap edit functionality. A remote, authenticated attacker could exploit this vulnerability by sending a maliciously crafted request to a target service. Successful exploitation could result in the execution of arbitrary SQL statement, potentially leading to the disclosure of sensitive information. | |
| Impact: | An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |