CVE-2013-6875
Severity CVSS v4.0:
Pending analysis
Type:
CWE-89
SQL Injection
Publication date:
26/11/2013
Last modified:
11/04/2025
Description
SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:* | 2012r2.3 (including) | |
| cpe:2.3:a:nagios:nagios_xi:2012:rc2:*:*:*:*:*:* | ||
| cpe:2.3:a:nagios:nagios_xi:2012:rc3:*:*:*:*:*:* | ||
| cpe:2.3:a:nagios:nagios_xi:2012:rc4:*:*:*:*:*:* | ||
| cpe:2.3:a:nagios:nagios_xi:2012r1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nagios:nagios_xi:2012r1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nagios:nagios_xi:2012r1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nagios:nagios_xi:2012r1.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nagios:nagios_xi:2012r1.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nagios:nagios_xi:2012r1.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nagios:nagios_xi:2012r1.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nagios:nagios_xi:2012r1.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nagios:nagios_xi:2012r1.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nagios:nagios_xi:2012r1.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nagios:nagios_xi:2012r2.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://assets.nagios.com/downloads/nagiosxi/CHANGES-2012.TXT
- http://secunia.com/advisories/55695
- http://www.security-assessment.com/files/documents/advisory/NagiosQL%20Core%20Config%20Manager%20SQL%20Injection%20Vulnerability%20Advisory%20-%20DA.pdf
- http://assets.nagios.com/downloads/nagiosxi/CHANGES-2012.TXT
- http://secunia.com/advisories/55695
- http://www.security-assessment.com/files/documents/advisory/NagiosQL%20Core%20Config%20Manager%20SQL%20Injection%20Vulnerability%20Advisory%20-%20DA.pdf