PT-2025-44538 · Nagios · Nagios XI

Published: 2025-10-30 · Updated: 2025-10-30 · CVE-2016-15050

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.2.4

Description: An issue exists in the notification search functionality where user-supplied search parameters are incorporated into SQL statements without adequate parameterization or sanitization. This allows an authenticated user to manipulate database queries, which could lead to the disclosure or modification of notification data and potentially impact the application database more broadly. SQL injection is a technique where an attacker inserts malicious SQL code into a query to manipulate the database.

Recommendations: Update to version 5.2.4 or later.

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2016-15050

Affected Products: Nagios XI