CVE-2024-54960

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Feb 20, 2025
CWE ID 89

Summary

CVE-2024-54960 is a recently disclosed SQL Injection vulnerability affecting Nagios XI 2024R1.2.2. An attacker can exploit this flaw by sending a specially crafted payload to the History Tab component, allowing them to execute SQL queries and potentially gain unauthorized access to sensitive data. Successful exploitation could lead to data theft or even system compromise. Users running this version of Nagios XI are strongly advised to apply the available patch or upgrade to a newer, secure version as soon as possible.

Affected Products

  • Nagios Core

Affected Vendors

  • Nagios Enterprises LLC