KEVIntel
Back to KEVs
7.2
CVSS
High

CVE-2018-10737

PUBLISHED

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.

Exploited in the wild Remote Low complexity No user interaction
Vendor
Nagios
Product
XI
Published
May 16, 2018
EPSS

Description

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.

php ios nuclei_scanner

CVSS scores

CVSS v3.0 7.2 High

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0 6.5

AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitation status

Exploited in the wild

Recorded 2025-04-25 00:00:00 UTC · Source

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
The Shadowserver (via CIRCL) Apr 25, 2025

Scanner integrations

Scanner Reference Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-10737.yaml Apr 25, 2025

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Detected by Nuclei

  • Added to KEVIntel