CVE-2012-10063

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 2012R1.3

Description Nagios XI is affected by a SQL injection issue in the legacy Core Configuration Manager (CCM) interface. Authenticated users can manipulate SQL queries by providing crafted input to specific CCM parameters. This could allow access to configuration data stored in the application database. Successful exploitation may lead to disclosure or modification of notification data and potentially impact the application database. The vulnerable parameters are not specified.

Recommendations Update Nagios XI to version 2012R1.3 or later.