← Zuruck zu CVEs
CVE-2020-36857
HIGH7.2
Beschreibung
Nagios XI versions prior to 5.6.14 contain a post-authentication SQL injection vulnerability in the SNMP Trap Interface page. Exploitation requires an account with administrative privileges to access the affected interface. A user with administrative access could supply crafted input that is not properly sanitized, allowing SQL injection that may lead to unauthorized disclosure or modification of application data or execution of arbitrary SQL commands against the backend database.
CVE Details
CVSS v3.1 Bewertung7.2
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienHIGH
BenutzerinteraktionNONE
Veroffentlicht10/30/2025
Zuletzt geandert11/5/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
nagios:nagios_xi
Schwachen (CWE)
CWE-89
Referenzen
https://www.nagios.com/changelog/nagios-xi/(disclosure@vulncheck.com)
https://www.nagios.com/products/security/#nagios-xi(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/nagios-xi-authenticated-sqli-via-snmp-trap-interface-page(disclosure@vulncheck.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.