CVE-2019-12279

Name of the Vulnerable Software and Affected Versions Nagios XI version 5.6.1

Description The issue concerns a potential SQL injection via the username parameter to "login.php?forgotpass" (also known as the reset password form). However, the vendor disputes this as a vulnerability, stating that the proof of concept does not demonstrate a valid SQL injection and that the username value is passed through SQL escaping functions when creating the SQL query.

Recommendations For Nagios XI version 5.6.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.