CVE-2024-24401

Name of the Vulnerable Software and Affected Versions Nagios XI version 2024R1.01

Description The issue is related to a SQL injection vulnerability in the monitoringwizard.php component. This vulnerability allows a remote attacker to execute arbitrary code via a crafted payload. The vulnerability is associated with the possibility of injecting commands, which can enable a remote attacker to execute arbitrary SQL queries.

Recommendations For Nagios XI version 2024R1.01, as a temporary workaround, consider disabling the monitoringwizard.php component until a patch is available. Restrict access to the monitoringwizard.php component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.