CVE-2012-10029
Nagios XI Network Monitor Graph Explorer Component < 1.3 Authenticated Command Injection
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. An authenticated user can inject system commands via unsanitized parameters such as `host`, resulting in remote code execution.
| CWE | CWE-78 |
| Vendor | nagios enterprises |
| Product | nagios xi graph explorer |
| Published | Aug 5, 2025 |
| Last Updated | Apr 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for nagios enterprises nagios xi graph explorer
Be the first to know when new unknown vulnerabilities affecting nagios enterprises nagios xi graph explorer are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Nagios Enterprises / Nagios XI Graph Explorer
* < 1.3
References
raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/nagios_graph_explorer.rb exploit-db.com: https://www.exploit-db.com/exploits/23227 packetstorm.news: https://packetstorm.news/files/id/118705/ nagios.com: https://www.nagios.com/products/nagios-xi/ vulncheck.com: https://www.vulncheck.com/advisories/nagios-xi-network-monitor-graph-explorer-component-auth-command-injection
Credits
Daniel Compton