CVE-2018-8734

CRITICAL

Nagios XI 5.2.0-5.4.12 - SQL Injection via selInfoKey1 Parameter

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2018-8734. PoCs published by Metasploit, Jared Arave, Francesco Oddo, wvu, including Metasploit module exploits/linux/http/nagios_xi_chained_rce.

AI-analyzed exploit summary This Metasploit module exploits multiple vulnerabilities in Nagios XI (CVE-2018-8733, CVE-2018-8734, CVE-2018-8735, CVE-2018-8736) to achieve remote root access via SQL injection, API key enumeration, and command injection.

Description

SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotelinux

https://www.exploit-db.com/exploits/44969

View Code ZIP pw:eip

This Metasploit module exploits multiple vulnerabilities in Nagios XI (CVE-2018-8733, CVE-2018-8734, CVE-2018-8735, CVE-2018-8736) to achieve remote root access via SQL injection, API key enumeration, and command injection.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Nagios XI 5.2.6-5.4.12

No auth needed

Prerequisites: Network access to Nagios XI web interface · Vulnerable version of Nagios XI

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Jared Arave · pythonwebappsphp

https://www.exploit-db.com/exploits/44560

View Code ZIP pw:eip

This exploit chains multiple vulnerabilities (CVE-2018-8733, CVE-2018-8734, CVE-2018-8735, CVE-2018-8736) in Nagios XI to achieve remote root access. It starts by changing the database user to root, extracts API keys via SQL injection, adds an administrative user, and executes a reverse shell or custom command.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Nagios XI versions 5.2.[6-9], 5.3, 5.4

No auth needed

Prerequisites: Network access to the target Nagios XI instance · Nagios XI version 5.2.[6-9], 5.3, or 5.4

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by Francesco Oddo, wvu · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/nagios_xi_chained_rce.rb

View Code ZIP pw:eip

This Metasploit module exploits a chain of vulnerabilities (SQLi, auth bypass, file upload, command injection, and privilege escalation) in Nagios XI <= 5.2.7 to achieve remote code execution as root. It demonstrates a full exploit chain with clear technical implementation.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Nagios XI <= 5.2.7

No auth needed

Prerequisites: Network access to the Nagios XI server · Default or known user ID in the database

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 19, 2026 Full analysis →

metasploit WORKING POC MANUAL

by Cale Smith, Benny Husted, Jared Arave · rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/nagios_xi_chained_rce_2_electric_boogaloo.rb

View Code ZIP pw:eip

This Metasploit module exploits multiple vulnerabilities in Nagios XI (5.2.6-5.4.12) to achieve remote root access via SQL injection, API key enumeration, and command injection.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Nagios XI 5.2.6-5.4.12

No auth needed

Prerequisites: Network access to Nagios XI web interface · Vulnerable version of Nagios XI

MITRE ATT&CK