CVE-2018-10738
published 2018-05-16CVE-2018-10738: A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.
PriorityP259high7.2CVSS 3.0
AVNACLPRHUINSUCHIHAH
EXPLOIT
EPSS
42.56%
98.5th percentile
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nagios | nagios_xi | 5.2.0 – 5.2.9 | — |
| nagios | nagios_xi | >= 5.4.0 < 5.4.13 | 5.4.13 |
Detection & IOCsextracted from sources · hover to see the quote
commandselSubMenu=1&subSave=1&chbKey1=-1%' and (select 1 from(select count(*),concat((select (select (select md5({{num}}))) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)#↗
- →Look for POST requests to /nagiosql/admin/menuaccess.php with the chbKey1 parameter containing SQL injection payloads (e.g., single quotes, subselects, floor(rand()) error-based patterns). ↗
- →The exploit uses an error-based SQL injection technique leveraging information_schema.tables with floor(rand(0)*2) group-by duplication error; monitor for this pattern in POST body parameters. ↗
- →Use Shodan/FOFA queries to identify exposed Nagios XI instances as potential targets: shodan 'http.title:"nagios xi"', FOFA 'app="Nagios-XI"' or 'title="nagios xi"'. ↗
- →Exploitation requires an authenticated administrator session; monitor for privileged admin accounts performing unusual POST requests to menuaccess.php. ↗
- ·The vulnerability only affects Nagios XI versions prior to 5.4.13; instances running 5.4.13 or later are not affected. ↗
- ·Exploitation requires high privileges (authenticated administrator), limiting the attack surface to compromised or malicious admin accounts. ↗
CVSS provenance
nvdv3.07.2HIGHCVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
NagiosXI <= 5.4.12 menuaccess.php - SQL injection
nuclei·CVSS 7.2
CVE-2018-10738 [HIGH] NagiosXI <= 5.4.12 menuaccess.php - SQL injection
NagiosXI <= 5.4.12 menuaccess.php - SQL injection
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.
Template:
id: CVE-2018-10738
info:
name: NagiosXI <= 5.4.12 menuaccess.php - SQL injection
author: DhiyaneshDk
severity: high
description: |
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.
impact: |
Authenticated administrators can execute arbitrary SQL commands to access, modify, or delete database contents, potentially compromising the entire Nagios XI instance.
remediation: |
Upgrade to Nagios XI version 5.4.13 or later.
reference:
- https://qkl.seebug.org/vuldb/ssvid-97268
- https://vuldb.com/de/?id.117807
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/
2018-05-16
Published