Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2013-6875
Deferred
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-26 Nov, 2013 | 16:55
Updated At-11 Apr, 2025 | 00:51

SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Nagios Enterprises, LLC
nagios
>>nagios_xi>>Versions up to 2012r2.3(inclusive)
cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*
Nagios Enterprises, LLC
nagios
>>nagios_xi>>2012
cpe:2.3:a:nagios:nagios_xi:2012:rc2:*:*:*:*:*:*
Nagios Enterprises, LLC
nagios
>>nagios_xi>>2012
cpe:2.3:a:nagios:nagios_xi:2012:rc3:*:*:*:*:*:*
Nagios Enterprises, LLC
nagios
>>nagios_xi>>2012
cpe:2.3:a:nagios:nagios_xi:2012:rc4:*:*:*:*:*:*
Nagios Enterprises, LLC
nagios
>>nagios_xi>>2012r1.0
cpe:2.3:a:nagios:nagios_xi:2012r1.0:*:*:*:*:*:*:*
Nagios Enterprises, LLC
nagios
>>nagios_xi>>2012r1.1
cpe:2.3:a:nagios:nagios_xi:2012r1.1:*:*:*:*:*:*:*
Nagios Enterprises, LLC
nagios
>>nagios_xi>>2012r1.2
cpe:2.3:a:nagios:nagios_xi:2012r1.2:*:*:*:*:*:*:*
Nagios Enterprises, LLC
nagios
>>nagios_xi>>2012r1.3
cpe:2.3:a:nagios:nagios_xi:2012r1.3:*:*:*:*:*:*:*
Nagios Enterprises, LLC
nagios
>>nagios_xi>>2012r1.4
cpe:2.3:a:nagios:nagios_xi:2012r1.4:*:*:*:*:*:*:*
Nagios Enterprises, LLC
nagios
>>nagios_xi>>2012r1.5
cpe:2.3:a:nagios:nagios_xi:2012r1.5:*:*:*:*:*:*:*
Nagios Enterprises, LLC
nagios
>>nagios_xi>>2012r1.6
cpe:2.3:a:nagios:nagios_xi:2012r1.6:*:*:*:*:*:*:*
Nagios Enterprises, LLC
nagios
>>nagios_xi>>2012r1.7
cpe:2.3:a:nagios:nagios_xi:2012r1.7:*:*:*:*:*:*:*
Nagios Enterprises, LLC
nagios
>>nagios_xi>>2012r1.8
cpe:2.3:a:nagios:nagios_xi:2012r1.8:*:*:*:*:*:*:*
Nagios Enterprises, LLC
nagios
>>nagios_xi>>2012r1.9
cpe:2.3:a:nagios:nagios_xi:2012r1.9:*:*:*:*:*:*:*
Nagios Enterprises, LLC
nagios
>>nagios_xi>>2012r2.0
cpe:2.3:a:nagios:nagios_xi:2012r2.0:*:*:*:*:*:*:*
Nagios Enterprises, LLC
nagios
>>nagios_xi>>2012r2.1
cpe:2.3:a:nagios:nagios_xi:2012r2.1:*:*:*:*:*:*:*
Nagios Enterprises, LLC
nagios
>>nagios_xi>>2012r2.2
cpe:2.3:a:nagios:nagios_xi:2012r2.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://assets.nagios.com/downloads/nagiosxi/CHANGES-2012.TXTcve@mitre.org
N/A
http://secunia.com/advisories/55695cve@mitre.org
Vendor Advisory
http://www.security-assessment.com/files/documents/advisory/NagiosQL%20Core%20Config%20Manager%20SQL%20Injection%20Vulnerability%20Advisory%20-%20DA.pdfcve@mitre.org
Exploit
http://assets.nagios.com/downloads/nagiosxi/CHANGES-2012.TXTaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/55695af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.security-assessment.com/files/documents/advisory/NagiosQL%20Core%20Config%20Manager%20SQL%20Injection%20Vulnerability%20Advisory%20-%20DA.pdfaf854a3a-2127-422b-91ae-364da2661108
Exploit
Change History
0Changes found
Details not found