Title:Nagios XI SQL注入漏洞 (CVE-2018-10735) Description:Nagios XI是美国Nagios公司的一套IT基础设施监控解决方案。该方案支持对应用、服务、操作系统等进行监控和预警。 Nagios XI 5.4.13之前版本中存在SQL注入漏洞。远程攻击者可借助‘cname’参数利用该漏洞执行任意的SQL命令。
Description
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.
1. It is advised to access via the original source first.2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.