SQL Injection Vulnerability in Nagios XI API Allows Arbitrary SQL Command Execution

SQL Injection Vulnerability in Nagios XI API Allows Arbitrary SQL Command Execution

CVE-2019-9165 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id.

Learn more about our Cis Benchmark Audit For Apple Ios.