{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2020-36869","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2025-10-30T14:33:17.565Z","datePublished":"2025-10-30T21:45:10.468Z","dateUpdated":"2025-11-17T18:21:41.647Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","modules":["Web UI – SNMP Trap Interface: edit page / parameter handler"],"product":"XI","vendor":"Nagios","versions":[{"lessThan":"5.7.5","status":"affected","version":"0","versionType":"semver"}]}],"cpeApplicability":[{"operator":"OR","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*","versionEndExcluding":"5.7.5"}]}]}],"credits":[{"lang":"en","type":"finder","value":"Matthew Aberegg"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Nagios XI versions prior to&nbsp;5.7.5&nbsp;contain a SQL injection vulnerability in the SNMP Trap Interface edit page. Exploitation requires an account with administrative privileges to access the affected interface. A user with administrative access could supply crafted input that is not properly sanitized, allowing SQL injection that may lead to unauthorized disclosure or modification of application data or execution of arbitrary SQL commands against the backend database.<br>"}],"value":"Nagios XI versions prior to 5.7.5 contain a SQL injection vulnerability in the SNMP Trap Interface edit page. Exploitation requires an account with administrative privileges to access the affected interface. A user with administrative access could supply crafted input that is not properly sanitized, allowing SQL injection that may lead to unauthorized disclosure or modification of application data or execution of arbitrary SQL commands against the backend database."}],"impacts":[{"capecId":"CAPEC-66","descriptions":[{"lang":"en","value":"CAPEC-66 SQL Injection"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":8.7,"baseSeverity":"HIGH","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-89","description":"CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2025-11-17T18:21:41.647Z"},"references":[{"tags":["release-notes","patch"],"url":"https://www.nagios.com/changelog/nagios-xi/"},{"tags":["third-party-advisory"],"url":"https://www.vulncheck.com/advisories/nagios-xi-sqli-via-snmp-trap-interface-edit-page"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Nagios addresses this vulnerability as \"Fixed SQL injection vulnerability in the edit page for SNMP Trap Interface.\"<br>"}],"value":"Nagios addresses this vulnerability as \"Fixed SQL injection vulnerability in the edit page for SNMP Trap Interface.\""}],"source":{"discovery":"UNKNOWN"},"title":"Nagios XI < 5.7.5 SQL injection via SNMP Trap Interface Edit Page","x_generator":{"engine":"vulncheck"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-10-31T13:05:35.452100Z","id":"CVE-2020-36869","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-31T13:23:30.086Z"}}]}}