CVE-2013-6875
Published Nov 26, 2013
Last updated 11 years ago
Overview
- Description
- SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-89
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E621465B-1085-403E-AFF5-59772D5D3B58",
"versionEndIncluding": "2012r2.3"
},
{
"criteria": "cpe:2.3:a:nagios:nagios_xi:2012:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DF3337BC-AF8D-42B7-8A65-30A1575A0D91"
},
{
"criteria": "cpe:2.3:a:nagios:nagios_xi:2012:rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "264F7496-FB91-436A-A173-91C0DAB46727"
},
{
"criteria": "cpe:2.3:a:nagios:nagios_xi:2012:rc4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A9337B85-CC8E-40D6-9E2D-096CF214BA41"
},
{
"criteria": "cpe:2.3:a:nagios:nagios_xi:2012r1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "40C4F0AB-B5C8-405D-942D-6281511E46C0"
},
{
"criteria": "cpe:2.3:a:nagios:nagios_xi:2012r1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "86FD81AC-3070-4036-9531-3C49B6BDD7C7"
},
{
"criteria": "cpe:2.3:a:nagios:nagios_xi:2012r1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8CDE06E3-E884-49C7-A643-07D94D004C78"
},
{
"criteria": "cpe:2.3:a:nagios:nagios_xi:2012r1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3332E3A6-F435-4753-9384-3063E18212B9"
},
{
"criteria": "cpe:2.3:a:nagios:nagios_xi:2012r1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C0B9CCC3-DC23-4871-B6D5-11721B4AC78E"
},
{
"criteria": "cpe:2.3:a:nagios:nagios_xi:2012r1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4B5D53A3-445E-4A59-80AB-017480265C0B"
},
{
"criteria": "cpe:2.3:a:nagios:nagios_xi:2012r1.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "09685D17-FE3A-4572-BA07-3A223BE1E489"
},
{
"criteria": "cpe:2.3:a:nagios:nagios_xi:2012r1.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68187520-9D07-4F42-8FB9-DA8E5C939F58"
},
{
"criteria": "cpe:2.3:a:nagios:nagios_xi:2012r1.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CBDB6D28-F9D2-41FB-92B2-4FDC32A8BC88"
},
{
"criteria": "cpe:2.3:a:nagios:nagios_xi:2012r1.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DA473BE3-4FA0-48F7-88BC-11B4F1AFBF0C"
},
{
"criteria": "cpe:2.3:a:nagios:nagios_xi:2012r2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D34178BE-D99F-4EFE-890E-19030F635D15"
},
{
"criteria": "cpe:2.3:a:nagios:nagios_xi:2012r2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AB7CAE8E-43FA-4762-B8C1-9A476F088655"
},
{
"criteria": "cpe:2.3:a:nagios:nagios_xi:2012r2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "910F1485-12D0-4A48-9AED-94CAA56D6FF4"
}
],
"operator": "OR"
}
]
}
]