CVE-2024-54960

6.5 MEDIUM

📋 TL;DR

A SQL injection vulnerability in Nagios XI 2024R1.2.2 allows an authenticated remote attacker to inject arbitrary SQL through crafted parameters sent to the History Tab component. Depending on the grants held by the database account Nagios XI runs as, this allows reading, modifying, or deleting data in the backing database. Organizations running Nagios XI 2024R1.2.2 are affected.

💻 Affected Systems

Products:
  • Nagios XI
Versions: 2024R1.2.2
Operating Systems: All platforms running Nagios XI
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the History Tab component in the specified version.

📦 What is this software?

Nagios XI is the commercial infrastructure-monitoring product from Nagios Enterprises, built on Nagios Core and administered through a PHP web interface backed by a relational database. The History Tab is part of that web interface, which is why exploitation requires a logged-in session.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full read/write access to the Nagios XI database (including user accounts and monitoring configuration), data destruction, or a foothold for follow-on attacks against the monitoring server and the hosts it monitors.

🟠

Likely Case

Unauthorized access to monitoring data, configuration information, and potential privilege escalation within Nagios.

🟢

If Mitigated

Limited impact once the vendor patch (parameterized queries) is applied, or, until then, where a WAF filters the History Tab parameters, the database account runs with least privilege, and the web interface is reachable only from segmented management networks.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details are publicly available in a GitHub repository. Exploitation requires an authenticated Nagios XI session.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024R1.2.3 or later

Vendor Advisory: https://www.nagios.com/downloads/nagios-xi/change-log/

Restart Required: Yes

Instructions:

1. Back up the current Nagios XI installation (files and databases).
2. Download the latest version from the Nagios website.
3. Run the upgrade script.
4. Restart the Nagios services.

🔧 Temporary Workarounds

Input Validation Enhancement

linux

Add input validation for the History Tab parameters. This requires editing the vendor's PHP and replacing string-built queries with parameterized ones; local edits are overwritten by the next upgrade and may void support, so treat this as a last resort and prefer the vendor patch.

# Requires code modification - implement parameterized queries in affected PHP files

WAF Rule Implementation

all

Deploy web application firewall rules in front of Nagios XI to block SQL injection patterns in request parameters. Example ModSecurity rule (libinjection-based; run it in DetectionOnly mode first, because @detectSQLi can flag legitimate admin input). Note that the original one-line form prefixed with "#" would be parsed as a comment and never load:

SecRule ARGS "@detectSQLi" \
    "id:1001,phase:2,t:none,t:urlDecodeUni,deny,status:403,log,msg:'SQL injection attempt against Nagios XI'"

🧯 If You Can't Patch

  • Restrict network access to the Nagios XI web interface to management networks or a VPN; the exploit needs a logged-in session, so also review who holds Nagios XI accounts and remove stale ones
  • Run the Nagios XI database account with only the grants it needs (its own schema, no FILE or administrative privileges); the application still needs read/write on its own tables, so this limits the blast radius of injected SQL rather than preventing exploitation

🔍 How to Verify

Check if Vulnerable:

Check the installed Nagios XI version in the web UI (Admin > System Config > About) or on the server. If the version is 2024R1.2.2, the system is vulnerable.

Check Version:

cat /usr/local/nagiosxi/var/xiversion

The file holds the installed version string (for example 2024R1.2.2).

Verify Fix Applied:

Confirm the reported version is 2024R1.2.3 or later. Only on a non-production copy, re-test the History Tab with SQL injection probes (a single quote or a UNION SELECT in the relevant parameter should not change the query's behaviour or results). A clean result on a few probes is supporting evidence, not proof that the code path was fixed, so rely on the version check first.
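An added helper for the version check above (not Nagios tooling and not from the original page): it pulls the first token shaped like YYYYRx.y.z out of the xiversion file, so it does not depend on the file's key names, and compares it numerically against the affected and fixed versions the page names. The file path and both version strings come from the page; treating the version as a (year, release, minor, patch) tuple is an assumption about Nagios's numbering scheme.

```python
import re
from pathlib import Path
from typing import Optional, Tuple

# Path and version strings as stated on the page; tuple ordering is an assumption.
XIVERSION_PATH = "/usr/local/nagiosxi/var/xiversion"
VULNERABLE = "2024R1.2.2"   # the only version the advisory names as affected
FIXED = "2024R1.2.3"        # "2024R1.2.3 or later" per the fix section

# Matches 2024R1, 2024R1.2, 2024R1.2.2 ... regardless of surrounding key names.
VERSION_RE = re.compile(r"\b(\d{4})R(\d+)((?:\.\d+)*)\b")


def parse_version(s: str) -> Optional[Tuple[int, ...]]:
    """Turn '2024R1.2.2' into (2024, 1, 2, 2); shorter strings are zero-padded
    so that '2024R1.3' sorts as (2024, 1, 3, 0) and compares numerically."""
    m = VERSION_RE.search(s)
    if m is None:
        return None
    year, release, rest = m.groups()
    parts = [int(year), int(release)] + [int(p) for p in rest.split(".") if p]
    while len(parts) < 4:
        parts.append(0)
    return tuple(parts)


def extract_version(xiversion_text: str) -> Optional[str]:
    """Return the first version-shaped token in the file contents, if any."""
    m = VERSION_RE.search(xiversion_text)
    return m.group(0) if m else None


def assess(version: str) -> str:
    """Classify a version string against the advisory's affected/fixed versions."""
    v = parse_version(version)
    if v is None:
        return "unknown"
    if v == parse_version(VULNERABLE):
        return "vulnerable"
    if v >= parse_version(FIXED):
        return "patched"
    # Below 2024R1.2.2: the advisory does not name these, so do not assume safe.
    return "older-unassessed"


def check_host(path: str = XIVERSION_PATH) -> str:
    """Read the version file on this host and classify it ('unknown' if unreadable)."""
    try:
        text = Path(path).read_text()
    except OSError:
        return "unknown"
    ver = extract_version(text)
    return assess(ver) if ver else "unknown"


if __name__ == "__main__":
    print(check_host())
```

Run it on the Nagios XI host; anything other than "patched" warrants a manual look, and "older-unassessed" means the page gives no verdict for that release, not that it is safe.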

📡 Detection & Monitoring

Log Indicators:

  • Unexpected UNION/SELECT or schema-enumeration statements in the database server's statement log (usually off by default and expensive; enable it briefly or use an audit plugin)
  • Repeated failed logins followed by History Tab access from the same source; the exploit needs a valid session, so credential attacks often precede it
  • SQL syntax errors or PHP database warnings in the web server error log that reference the History Tab scripts

Network Indicators:

  • Unusual database connections from the web server, or long-running queries consistent with time-based blind injection
  • SQL keywords or quote/comment sequences (', %27, --, /*) in HTTP parameters sent to the History Tab; for POST bodies this needs request-body logging (for example the ModSecurity audit log), because the Apache access log records only the request URI

SIEM Query:

source="apache.log" AND (uri="/nagiosxi/admin/history.php*" OR uri="/nagiosxi/includes/components/history/*") AND (uri="*UNION*" OR uri="*SELECT*" OR uri="*%27*" OR uri="*'*" OR uri="*--*")

This matches GET query strings only. Match on the URL-decoded URI field if your SIEM provides one, and expect some noise from the bare SELECT term.
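An added example (not part of the original page or of Nagios XI) of the same detection logic applied offline to Apache combined-format access-log lines: it parses each request, percent-decodes the query string repeatedly so double-encoded payloads are caught, restricts to the History Tab paths the page's SIEM query names (confirm them against your install), and matches structural injection shapes rather than bare keywords. The log lines are constructed for the example. It also shows the blind spot called out above: the POST sample carries its payload in the body, which never reaches the access log.

```python
import re
from typing import Dict, Iterable, List, Optional
from urllib.parse import unquote_plus

# Endpoints taken from the advisory's SIEM query; confirm against your install.
HISTORY_PATHS = (
    "/nagiosxi/admin/history.php",
    "/nagiosxi/includes/components/history/",
)

# Apache "combined" access-log format. Only the request line is available,
# so GET query strings are visible and POST bodies are not.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Structural injection shapes rather than bare keywords, to limit false positives
# from host or service names that happen to contain words like "select".
SQLI_RULES = {
    "union_select": re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.I),
    "tautology":    re.compile(r"['\"]\s*(?:or|and)\s+['\"\w]+\s*=\s*['\"\w]+", re.I),
    "comment_tail": re.compile(r"(?:--|#)(?:\s|$)|/\*"),
    "time_based":   re.compile(r"\b(?:sleep|benchmark|pg_sleep)\s*\(", re.I),
    "stacked":      re.compile(r";\s*(?:drop|insert|update|delete|alter)\b", re.I),
    "schema_probe": re.compile(r"\binformation_schema\b", re.I),
}


def decode_query(query: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so %2527 -> %27 -> ' is still caught."""
    for _ in range(rounds):
        decoded = unquote_plus(query)
        if decoded == query:
            break
        query = decoded
    return query


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one combined-format line into fields; None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    path, _, query = rec["target"].partition("?")
    rec["path"] = path
    rec["query"] = decode_query(query)
    return rec


def in_scope(path: str) -> bool:
    return any(path.startswith(prefix) for prefix in HISTORY_PATHS)


def classify(decoded_query: str) -> List[str]:
    """Names of the injection shapes present in an already-decoded query string."""
    return [name for name, rx in SQLI_RULES.items() if rx.search(decoded_query)]


def scan(lines: Iterable[str], only_history_paths: bool = True) -> List[Dict[str, object]]:
    """Return one record per request whose query string matches at least one rule."""
    hits: List[Dict[str, object]] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if only_history_paths and not in_scope(rec["path"]):
            continue
        rules = classify(rec["query"])
        if rules:
            hits.append({"ip": rec["ip"], "user": rec["user"], "method": rec["method"],
                         "path": rec["path"], "query": rec["query"], "rules": rules})
    return hits


# Constructed sample lines for this example (not real traffic).
SAMPLE_LOG = [
    # benign History Tab lookup
    '192.0.2.10 - admin [12/Mar/2025:10:15:32 +0000] "GET /nagiosxi/admin/history.php?host=web01 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    # UNION-based probe with a trailing comment
    '192.0.2.10 - admin [12/Mar/2025:10:15:40 +0000] "GET /nagiosxi/admin/history.php?host=web01%27%20UNION%20SELECT%201,2,3--%20- HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    # tautology with double-encoded quotes (%2527 -> %27 -> ')
    '192.0.2.10 - admin [12/Mar/2025:10:15:41 +0000] "GET /nagiosxi/includes/components/history/?service=web01%2527%20OR%20%25271%2527%3D%25271 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    # POST to the same endpoint: the payload is in the body, invisible to this log
    '192.0.2.10 - admin [12/Mar/2025:10:15:50 +0000] "POST /nagiosxi/admin/history.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    # time-based probe on an out-of-scope path: skipped unless only_history_paths=False
    '198.51.100.7 - - [12/Mar/2025:10:16:02 +0000] "GET /nagiosxi/login.php?u=x%27%20AND%20SLEEP(5)-- HTTP/1.1" 302 0 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["ip"], hit["user"], hit["path"], hit["rules"], repr(hit["query"]))
```

On the sample input the scan flags the UNION and tautology requests and stays silent on the POST; widen the scope with only_history_paths=False when hunting, since the same payloads against other scripts are still worth a look.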
