CVE-2018-10737: SQL Injection
First published: Wed May 16 2018(Updated: )
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nagios | >=5.2.0<=5.2.9 | |
| Nagios | >=5.4.0<5.4.13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-10737?
The severity of CVE-2018-10737 is classified as high due to the potential for SQL injection attacks.
How do I fix CVE-2018-10737?
To fix CVE-2018-10737, upgrade Nagios XI to version 5.4.13 or later.
What versions of Nagios XI are affected by CVE-2018-10737?
CVE-2018-10737 affects Nagios XI versions prior to 5.4.13, within the ranges of 5.2.0 to 5.2.9 and 5.4.0 to 5.4.12.
Is it safe to use Nagios XI versions 5.4.13 and later regarding CVE-2018-10737?
Yes, Nagios XI versions 5.4.13 and later are not affected by CVE-2018-10737 and are considered safe.
What are the potential consequences of exploiting CVE-2018-10737?
Exploitation of CVE-2018-10737 could enable attackers to execute arbitrary SQL commands, potentially compromising the database.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/weakness
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/nagios
- canonical/nagios
- version/nagios/5.2.0
- version/nagios/5.2.9
- version/nagios/5.4.0