CVE-2018-10735
Published 2018-05-16
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.
Priority: P259 · high · 7.2 · CVSS 3.0
Vector: AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 42.56% (98.5th percentile)
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bootstrap-sass | bootstrap-sass | >= 2.0.4 < 3.4.0 | 3.4.0 |
| bootstrap-sass | bootstrap-sass | >= 2.0.4 < 3.4.0 | 3.4.0 |
| getbootstrap | bootstrap | >= 0 < 4.0.0-beta.2 | 4.0.0-beta.2 |
| getbootstrap | bootstrap | >= 2.0.4 < 3.4.0 | 3.4.0 |
| getbootstrap | bootstrap | >= 2.0.4 < 3.4.0 | 3.4.0 |
| getbootstrap | bootstrap | >= 4.0.0-beta < 4.0.0-beta.2 | 4.0.0-beta.2 |
| getbootstrap | bootstrap | >= 4.0.0-beta < 4.0.0-beta.2 | 4.0.0-beta.2 |
| nagios | nagios_xi | 5.2.0 – 5.2.9 | — |
| nagios | nagios_xi | >= 5.4.0 < 5.4.13 | 5.4.13 |
| twbs | bootstrap | >= 2.0.4 < 3.4.0 | 3.4.0 |
| twbs | bootstrap | >= 4.0.0-beta < 4.0.0-beta.2 | 4.0.0-beta.2 |
Detection & IOCs (extracted from sources)
- Send a GET request to /nagiosql/admin/commandline.php with a SQL injection payload in the `cname` parameter (%27%20union%20select%20concat(md5(...))%23) and check if the MD5 hash of the injected integer appears in the response body.
- Match the response body for the MD5 hash value corresponding to the injected random integer to confirm blind UNION-based SQL injection.
- Use Shodan query `http.title:"nagios xi"` or FOFA queries `app="Nagios-XI"`, `title="nagios xi"`, `app="nagios-xi"` to identify exposed Nagios XI instances for targeting.
- Exploitation requires authentication as an administrator (PR:H); the SQL injection is only reachable by authenticated admin users.
- The vulnerability affects Nagios XI versions up to and including 5.4.12; version 5.4.13 and later are not affected.
CVSS provenance
nvd · v3.0 · 7.2 HIGH · CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 6.5 MEDIUM · AV:N/AC:L/Au:S/C:P/I:P/A:P
ghsa · 6.1 MEDIUM
vendor_redhat · 6.1 MEDIUM
GHSA
GHSA-9wpp-wqw3-4f2h: A SQL injection issue was discovered in Nagios XI before 5
ghsa_unreviewed·2022-05-14
CVE-2018-10735 [HIGH] CWE-89 GHSA-9wpp-wqw3-4f2h: A SQL injection issue was discovered in Nagios XI before 5
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.
GHSA
Bootstrap Cross-site Scripting vulnerability
ghsa·2019-01-17·CVSS 6.1
CVE-2016-10735 [MEDIUM] CWE-79 Bootstrap Cross-site Scripting vulnerability
In Bootstrap 2.x from 2.0.4, 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute. Note that this is a different vulnerability than CVE-2018-14041.
See https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ for more info.
Red Hat
bootstrap: XSS in the data-target attribute
vendor_redhat·2016-06-27·CVSS 6.1
CVE-2016-10735 [MEDIUM] CWE-79 bootstrap: XSS in the data-target attribute
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
Statement: Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.
Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.
Package: pki-core (Red Hat Enterprise Linux 7) - Will not fix
Packa
No detection rules found.
Nuclei
NagiosXI <= 5.4.12 `commandline.php` SQL injection
nuclei·CVSS 7.2
CVE-2018-10735 [HIGH] NagiosXI <= 5.4.12 `commandline.php` SQL injection
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.
Template:
```yaml
id: CVE-2018-10735
info:
  name: NagiosXI <= 5.4.12 `commandline.php` SQL injection
  author: DhiyaneshDk
  severity: high
  description: |
    A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.
  impact: |
    Authenticated administrators can execute arbitrary SQL commands to access, modify, or delete database contents, potentially compromising the entire Nagios XI instance.
  remediation: |
    Upgrade to Nagios XI version 5.4.13 or later.
  reference:
    - https://vulners.com/seebug/SSV:97266
    - https://github.com/chaitin/xray/blob/master/pocs/nagio-cve-2018-10735.yml
  classification:
```