CVE-2020-36857

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.6.14

Description Nagios XI versions prior to 5.6.14 contain a post-authentication SQL injection issue in the SNMP Trap Interface page. Exploitation requires an account with administrative privileges to access the affected interface. A user with administrative access could supply crafted input that is not properly sanitized, allowing SQL injection that may lead to unauthorized disclosure or modification of application data or execution of arbitrary SQL commands against the backend database.

Recommendations Update Nagios XI to version 5.6.14 or later.