CVE-2018-10737
Published 2018-05-16
Priority: P2 · 75 · High · CVSS 3.0 base score 7.2
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 42.56% (98.5th percentile)
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nagios | nagios_xi | 5.2.0 – 5.2.9 | — |
| nagios | nagios_xi | >= 5.4.0 < 5.4.13 | 5.4.13 |
Detection & IOCs (extracted from sources)
Command (error-based SQL injection payload; `{{num}}` is a placeholder for a number whose MD5 hash is reflected in the database's duplicate-key error message when the injection succeeds):
txtSearch=' and (select 1 from(select count(*),concat((select (select (select md5({{num}}))) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)#
- Look for POST requests to /nagiosql/admin/logbook.php containing SQL injection patterns in the txtSearch parameter, specifically error-based injection using GROUP BY with floor(rand(0)*2) and information_schema.tables.
- The Shodan query http.title:"nagios xi" can be used to identify exposed Nagios XI instances potentially vulnerable to this CVE.
- FOFA/Google dork queries targeting Nagios XI (app="Nagios-XI", title="nagios xi", app="nagios-xi", intitle:"nagios xi") can identify attack surface.
- The exploit is authenticated (requires high privileges, PR:H) and targets the txtSearch POST parameter with a classic error-based SQL injection payload using the GROUP BY duplicate-key error technique.
- The vulnerability affects Nagios XI versions up to and including 5.4.12; version 5.4.13 and later are patched.
- Exploitation requires authenticated administrator-level access (CVSS PR:H), limiting the attack surface to privileged accounts.
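The detection guidance above, worked through as an added example (this is not code from the page, from Nagios, VulnCheck or the Nuclei project): a Python classifier run over request-log lines. It assumes a log format that records the URL-encoded POST body (most servers only do this when configured to; the format, field names, helper names and the sample traffic below are constructed for the example) and flags logbook.php POSTs whose txtSearch value carries the GROUP BY / floor(rand(0)*2) signature. It also computes the MD5 canary the payload would leave in MySQL's duplicate-entry error text, so a responder can search responses or database logs for it.

```python
"""Detect CVE-2018-10737 exploitation attempts in request logs (added example)."""
import hashlib
import re
from urllib.parse import parse_qs, quote_plus

# Request-log line format this example assumes (constructed, not a real
# server format): client ip, method, path, status, and the URL-encoded POST body.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3}) body="(?P<body>[^"]*)"$'
)

# Path named in the page's detection guidance (NagiosQL component inside Nagios XI).
TARGET_PATH = "/nagiosql/admin/logbook.php"

# Error-based technique quoted on the page: GROUP BY over floor(rand(0)*2)
# makes MySQL raise "Duplicate entry '...' for key 'group_key'", and the
# concat() smuggles attacker-chosen data (here an MD5 canary) into that text.
ERROR_BASED_RE = re.compile(
    r"floor\s*\(\s*rand\s*\(\s*0\s*\)\s*\*\s*2\s*\)[\s\S]*group\s+by"
    r"|group\s+by[\s\S]*floor\s*\(\s*rand\s*\(\s*0\s*\)\s*\*\s*2\s*\)",
    re.IGNORECASE,
)
# Looser catch-all for other injection attempts in the same parameter.
GENERIC_SQLI_RE = re.compile(r"'\s*(and|or|union|--|#|\))", re.IGNORECASE)
MD5_CANARY_RE = re.compile(r"md5\s*\(\s*(\d+)\s*\)", re.IGNORECASE)


def expected_canary(search):
    """Hex digest that the payload's md5(<num>) would leave in the MySQL error
    message (MySQL hashes the decimal string), or None if no canary is present."""
    m = MD5_CANARY_RE.search(search)
    if not m:
        return None
    return hashlib.md5(m.group(1).encode()).hexdigest()


def classify_request(line):
    """Return a verdict dict for a suspicious logbook.php POST, else None."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "POST" or m["path"] != TARGET_PATH:
        return None
    params = parse_qs(m["body"], keep_blank_values=True)
    search = params.get("txtSearch", [""])[0]
    if ERROR_BASED_RE.search(search):
        verdict = "error-based-sqli"
    elif GENERIC_SQLI_RE.search(search):
        verdict = "sqli-generic"
    else:
        return None
    return {"ip": m["ip"], "status": m["status"], "verdict": verdict,
            "canary": expected_canary(search)}


def scan(log_text):
    """Run the classifier over every line and return the list of hits."""
    return [v for v in (classify_request(l) for l in log_text.splitlines()) if v]


# Constructed sample traffic (not real captures). The second body is the
# page's payload with {{num}} set to 12345.
PAGE_PAYLOAD = ("' and (select 1 from(select count(*),concat((select (select (select md5(12345))) "
                "from information_schema.tables limit 0,1),floor(rand(0)*2))x "
                "from information_schema.tables group by x)a)#")


def _line(ip, method, path, status, **form):
    body = "&".join(f"{k}={quote_plus(v)}" for k, v in form.items())
    return f'{ip} {method} {path} {status} body="{body}"'


SAMPLE_LOG = "\n".join([
    _line("10.0.0.5", "POST", TARGET_PATH, 200, txtSearch="disk full", submit="Search"),
    _line("10.0.0.9", "POST", TARGET_PATH, 500, txtSearch=PAGE_PAYLOAD),
    _line("10.0.0.9", "POST", TARGET_PATH, 200, txtSearch="' or 1=1-- "),
    _line("10.0.0.7", "GET", "/nagiosxi/index.php", 200),
])

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Run stand-alone it prints the two hits from the constructed log. In practice, feed it the body-logging output of the reverse proxy in front of Nagios XI, and correlate each hit with the authenticated Nagios XI user, since the bug needs administrator-level access: a hit from a valid admin session is a compromised or rogue account, not just a scanner.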
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.0 | 7.2 | HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| NVD | 2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| VulnCheck | — | 7.2 | HIGH | — |
GHSA
GHSA-m7r8-7ggg-5cwp (ghsa_unreviewed · 2022-05-14): CVE-2018-10737 [HIGH] CWE-89
Title: A SQL injection issue was discovered in Nagios XI before 5
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.
VulnCheck
CVE-2018-10737 [HIGH] · vulncheck · 2018 · CVSS 7.2
Title: Nagios Nagios XI Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.
Affected: Nagios Nagios XI
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-14&host_type=src&vulnerability=cve-2018-10737; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-12-12&host_type=src&vulnerability=cve-2018-10737; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-12-23&host_type=src&vulner
No detection rules found.
Nuclei
CVE-2018-10737 [HIGH] · nuclei · CVSS 7.2
Title: NagiosXI <= 5.4.12 logbook.php SQL injection
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.
Template (excerpt):
```yaml
id: CVE-2018-10737

info:
  name: NagiosXI <= 5.4.12 logbook.php SQL injection
  author: DhiyaneshDK
  severity: high
  description: |
    A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.
  impact: |
    Authenticated administrators can execute arbitrary SQL commands to access, modify, or delete database contents, potentially compromising the entire Nagios XI instance.
  remediation: |
    Upgrade to Nagios XI version 5.4.13 or later.
  reference:
    - https://vulners.com/seebug/SSV:97267
    - https://nvd.nist.gov/vuln/detail/CVE-2018-10737
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/
```