Remote Code Execution Vulnerability in Nagios XI by Nagios Enterprises
CVE-2024-54960

6.5MEDIUM

Key Information:

Vendor

Nagios Enterprises

Status
Nagios XI
Vendor
CVE Published:
20 February 2025

What is CVE-2024-54960?

A critical SQL Injection vulnerability exists in Nagios XI 2024R1.2.2 that allows a remote attacker to execute arbitrary SQL queries. This can occur through a specially crafted payload submitted in the History Tab component, potentially compromising sensitive data and application integrity. Prompt patching and review of configurations are essential to mitigate the risks associated with this vulnerability.

References

https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2024-54960

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.