Tuesday, August 31, 2010

Nagios XI: users.php SQL Injection

Nagios XI users, please be advised that a SQL injection vulnerability has been identified in users.php.

To view this vulnerability, possible remedies, and other advisories, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

Amplify’d from www.criticalwatch.com
NGENUITY-2010-008: [NGENUITY-2010-008] Nagios XI users.php SQL Injection
Technical Description

The records variable on the users.php command is not properly sanitized and allows for injection of SQL commands. Stacked queries are also allowed into the postgres database.
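As an added example (not part of the Critical Watch advisory or of Nagios XI), the following detection sketch scans web access logs for requests to users.php whose `records` parameter is not a plain integer. It assumes `records` normally carries a small number; the request path and the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate `records` value is a short run of digits only.
VALID_RECORDS = re.compile(r"[0-9]{1,5}")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[0-9.]+"')

def suspicious_records(line):
    """Return the decoded `records` values in a log line that are not plain integers."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith("/users.php"):
        return []
    # parse_qs percent-decodes values; keep_blank_values so an empty `records=` is seen too.
    values = parse_qs(url.query, keep_blank_values=True).get("records", [])
    return [v for v in values if not VALID_RECORDS.fullmatch(v)]

def scan(lines):
    """Return a list of (line_number, bad_values) for each flagged log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        bad = suspicious_records(line)
        if bad:
            hits.append((n, bad))
    return hits

# Constructed sample log lines (placeholder path, documentation IP addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [31/Aug/2010:10:00:01 +0000] "GET /example/users.php?records=15 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [31/Aug/2010:10:02:17 +0000] "GET /example/users.php?records=15%3BSELECT+1 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [31/Aug/2010:10:02:30 +0000] "GET /example/users.php?records=15%27 HTTP/1.1" 500 310',
    '192.0.2.10 - - [31/Aug/2010:10:03:00 +0000] "GET /example/index.php?records=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for n, bad in scan(SAMPLE_LOG):
        print(f"line {n}: non-integer records value(s): {bad}")
```

Access logs record only the query string, so a `records` value sent in a POST body would need to be checked at the application or WAF layer instead.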

