QwikSec

Security Database

CVE

CWE

Training

CVE-2012-10029

Published: Aug 5, 2025

Modified: May 15, 2026

PUBLISHED

Description

Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. An authenticated user can inject system commands via unsanitized parameters such as `host`, resulting in remote code execution.

Vendor	Product	Versions
Nagios Enterprises	Nagios XI Graph Explorer	affected `0 - < 1.3`

Weaknesses (CWE)

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/nagios_graph_explorer.rb

exploit

https://www.exploit-db.com/exploits/23227

exploit

https://packetstorm.news/files/id/118705/

exploit

https://www.nagios.com/products/nagios-xi/

product

https://www.vulncheck.com/advisories/nagios-xi-network-monitor-graph-explorer-component-auth-command-injection

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.