cbcvebase.
CVE-2018-10736
published 2018-05-16

CVE-2018-10736: A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter.

Priority: P2 59 · Severity: high · CVSS 3.0 base score: 7.2
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploit: available
EPSS: 42.56% (98.5th percentile)

Affected

3 ranges
Vendor           Product     Version range                     Fixed in
linuxfoundation  ceph        >= 0 < 15.2.7-0ubuntu0.20.04.2    15.2.7-0ubuntu0.20.04.2
nagios           nagios_xi   5.2.0 – 5.2.9                     (none listed)
nagios           nagios_xi   >= 5.4.0 < 5.4.13                 5.4.13

Note: the ceph row does not match the CVE description above, which names only Nagios XI; treat it as a data-source mismatch and verify against the upstream advisory before acting on it.

Detection & IOCs (extracted from sources)

url: /nagiosql/admin/info.php?key1=%27%20union%20select%20concat(md5({{num}}))%23
path: /nagiosql/admin/info.php
  • Look for GET requests to /nagiosql/admin/info.php with a key1 parameter containing SQL UNION SELECT payloads (e.g., single-quote followed by UNION SELECT and md5/concat functions)
  • Match HTTP response body for an md5 hash value echoed back, indicating successful blind/union-based SQL injection via the key1 parameter
  • Shodan query 'http.title:"nagios xi"' can be used to identify exposed Nagios XI instances potentially vulnerable to this SQLi
  • FOFA/Google dork queries targeting Nagios XI: app="Nagios-XI", title="nagios xi", intitle:"nagios xi" can surface vulnerable hosts
  • Exploitation requires authenticated administrator credentials (PR:H), so the injection is not reachable by an unauthenticated attacker through this path
  • The vulnerability affects Nagios XI versions up to and including 5.4.12; version 5.4.13 and later are patched
  • The PoC uses a random integer (rand_int in the range 2000000000–2100000000) as a canary whose md5 is reflected in the response body to confirm injection; any detection logic built on the PoC depends on that reflection, so responses must be inspected, not just requests
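As an added example (not code from this page, from Nagios, or from the PoC author), the following Python routine applies the two log-based checks above: it flags GET requests to /nagiosql/admin/info.php whose URL-decoded key1 value contains a quote-break followed by UNION SELECT, extracts the integer canary inside md5() when one is present, and confirms exploitation the way the PoC does by checking whether the md5 of that integer is echoed in the response body. The Apache combined-format access-log lines, IP addresses, timestamps, user-agents and the response fragment are all constructed for the example.

```python
import hashlib
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines in Apache "combined" format. These are
# illustrative, not captured traffic; the second line carries the PoC-style
# payload from the IOC list above with an integer canary inside md5().
SAMPLE_LOG = """\
10.0.0.5 - admin [16/May/2018:10:01:02 +0000] "GET /nagiosql/admin/info.php?key1=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - admin [16/May/2018:10:01:09 +0000] "GET /nagiosql/admin/info.php?key1=%27%20union%20select%20concat(md5(2012345678))%23 HTTP/1.1" 200 5200 "-" "python-requests/2.18.4"
10.0.0.9 - admin [16/May/2018:10:01:15 +0000] "GET /nagiosql/admin/info.php?key1=%27+UNION+SELECT+1,2,3%23 HTTP/1.1" 200 5200 "-" "curl/7.58.0"
10.0.0.7 - - [16/May/2018:10:02:00 +0000] "GET /nagiosxi/login.php HTTP/1.1" 200 3100 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: source, authenticated user, timestamp, method,
# request target and status are all this rule needs.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
TARGET_PATH = "/nagiosql/admin/info.php"
# Quote-break followed by UNION [ALL] SELECT, matched case-insensitively on
# the *decoded* value so %27 / %20 / '+' encodings do not matter.
UNION_RE = re.compile(r"'\s*union\s+(?:all\s+)?select\b", re.IGNORECASE)
# Integer canary wrapped in md5(), as the PoC does.
CANARY_RE = re.compile(r"md5\(\s*(\d+)\s*\)", re.IGNORECASE)


def decode_key1(target):
    """Return the URL-decoded key1 value when the target is the vulnerable
    script, else None. parse_qs performs %xx and '+' decoding."""
    parts = urlsplit(target)
    if parts.path != TARGET_PATH:
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get("key1")
    return values[0] if values else None


def classify_request(line):
    """Parse one log line; return a finding dict for a UNION SELECT injection
    attempt against key1, or None for benign or irrelevant lines."""
    m = LOG_RE.match(line)
    if not m or m.group("method") != "GET":
        return None
    key1 = decode_key1(m.group("target"))
    if key1 is None or not UNION_RE.search(key1):
        return None
    canary = CANARY_RE.search(key1)
    return {
        "src": m.group("src"),
        "user": m.group("user"),   # PR:H: expect a logged-in admin here
        "status": int(m.group("status")),
        "key1": key1,
        "canary": int(canary.group(1)) if canary else None,
    }


def scan_log(text):
    """Run classify_request over every line and keep only the findings."""
    return [f for f in (classify_request(ln) for ln in text.splitlines()) if f]


def canary_digest(canary):
    """MySQL's MD5() hashes the decimal string form of an integer argument."""
    return hashlib.md5(str(canary).encode()).hexdigest()


def canary_reflected(canary, response_body):
    """Confirm a successful injection the way the PoC does: the md5 of the
    injected integer appears verbatim in the HTTP response body."""
    return canary_digest(canary) in response_body.lower()


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
    # Constructed response fragment standing in for the page info.php returns;
    # a real confirmation would read the proxied or captured body.
    body = "<td>" + canary_digest(2012345678) + "</td>"
    print("reflected:", canary_reflected(2012345678, body))
```

Two caveats when turning this into a production rule. The request-side check only works if the web server logs the full query string (the default combined format does), and the `\s+` separators in UNION_RE will miss payloads that use MySQL comment sequences such as `/**/` between keywords, so a WAF-evading variant needs a looser pattern. Because the flaw is PR:H, every hit should carry an authenticated user name; a hit with `-` as the user, or from a user who is not a Nagios XI administrator, points to a session or credential problem rather than to this CVE alone.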

CVSS provenance

nvd  v3.0  7.2  HIGH    CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd  v2.0  6.5  MEDIUM  AV:N/AC:L/Au:S/C:P/I:P/A:P
osv        7.5  HIGH