CVE-2013-6875
high
CVSS v3
—
VIR risk
7.5
Description
SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| nagios | nagios_xi | {"endIncluding":"2012r2.3"} | |
| nagios | nagios_xi | 2012 | |
| nagios | nagios_xi | 2012r1.0 | |
| nagios | nagios_xi | 2012r1.1 | |
| nagios | nagios_xi | 2012r1.2 | |
| nagios | nagios_xi | 2012r1.3 | |
| nagios | nagios_xi | 2012r1.4 | |
| nagios | nagios_xi | 2012r1.5 | |
| nagios | nagios_xi | 2012r1.6 | |
| nagios | nagios_xi | 2012r1.7 | |
| nagios | nagios_xi | 2012r1.8 | |
| nagios | nagios_xi | 2012r1.9 | |
| nagios | nagios_xi | 2012r2.0 | |
| nagios | nagios_xi | 2012r2.1 | |
| nagios | nagios_xi | 2012r2.2 | |
References
- http://assets.nagios.com/downloads/nagiosxi/CHANGES-2012.TXT
- http://secunia.com/advisories/55695
- http://www.security-assessment.com/files/documents/advisory/NagiosQL%20Core%20Config%20Manager%20SQL%20Injection%20Vulnerability%20Advisory%20-%20DA.pdf
- http://assets.nagios.com/downloads/nagiosxi/CHANGES-2012.TXT
- http://secunia.com/advisories/55695
- http://www.security-assessment.com/files/documents/advisory/NagiosQL%20Core%20Config%20Manager%20SQL%20Injection%20Vulnerability%20Advisory%20-%20DA.pdf
CWEs
CWE-89
💬 Discuss CVE-2013-6875 on VIR Community →
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.