CVE-2019-12279
Published 2019-05-22
Priority: P356 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 4.22% (89.7th percentile)
Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). NOTE: The vendor disputes this issue as not being a vulnerability because the issue does not seem to be a legitimate SQL Injection. The POC does not show any valid injection that can be done with the variable provided, and while the username value being passed does get used in a SQL query, it is passed through SQL escaping functions when creating the call. The vendor tried re-creating the issue with no luck.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nagios | nagios_xi | — | — |
Detection & IOCs (extracted from sources)
- Monitor POST requests to /nagiosxi/login.php?forgotpass targeting the `username` parameter for SQL injection payloads in the reset password form.
- Inspect the `username` field in the POST body of reset-password requests; the value is passed into a SQL query and is the injection point per the PoC.
- The exploit targets Nagios XI version 5.6.1 specifically; flag or alert on exploitation attempts against this version.
- The request uses `Content-Type: application/x-www-form-urlencoded` with `pageopt=resetpass`; correlate this parameter combination with anomalous username values as a detection signal.
- Note: the vendor disputes this as a valid SQL injection vulnerability, stating the username value is passed through SQL escaping functions and they were unable to reproduce exploitation.
CVSS provenance
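| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 9.8 | CRITICAL | — |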
GHSA
GHSA-mrpp-2fxx-mj68: Nagios XI 5
ghsa_unreviewed·2022-05-24
CVE-2019-12279 [CRITICAL] CWE-89 GHSA-mrpp-2fxx-mj68: Nagios XI 5
Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form).
Red Hat
libgit2: NTFS protections inactive when running Git in the Windows Subsystem for Linux
vendor_redhat·2019-09-18·CVSS 9.8
CVE-2020-12279 [CRITICAL] CWE-358 libgit2: NTFS protections inactive when running Git in the Windows Subsystem for Linux
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353.
Statement: Even if the code in the versions of libgit2 as shipped with Red Hat Enterprise Linux 7, and 8 are affected by this flaw, Red Hat does not support the NTFS filesystem nor Windows Subsystem for Linux (WSL). For this reason, the flaw has a Low Impact.
Package: libgit2 (Red Hat Enterprise Linux 7) - Fix deferred
Package: libgit2 (Red Hat Enterprise Linux 8) - Fix deferred
No detection rules found.
- http://packetstormsecurity.com/files/153040/Nagios-XI-5.6.1-SQL-Injection.html
- http://www.securityfocus.com/bid/108446
- https://github.com/JameelNabbo/exploits/blob/master/nagiosxi%20username%20sql%20injection.txt