CVE-2024-24401

CRITICAL

Nagios XI 2024R1.01 - SQL Injection via monitoringwizard.php


Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-24401. PoCs published by MAWK0235, JIBEG-UNIX.

AI-analyzed exploit summary: This PoC exploits CVE-2024-24401 in Nagios XI by leveraging SQL injection to extract admin credentials and create a new admin account, followed by command execution via Nagios XI's command configuration interface.

Description

SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php component.

Exploits (2)

nomisec WORKING POC 36 stars
by MAWK0235 · poc
https://github.com/MAWK0235/CVE-2024-24401

This PoC exploits CVE-2024-24401 in Nagios XI by leveraging SQL injection to extract admin credentials and create a new admin account, followed by command execution via Nagios XI's command configuration interface.

Classification
Working PoC 95%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: Nagios XI
Auth required
Prerequisites: Valid Nagios XI credentials · Network access to Nagios XI web interface
devstral-2 · analyzed Feb 19, 2026
nomisec WORKING POC
by JIBEG-UNIX · poc
https://github.com/JIBEG-UNIX/CVE-2024-24401

The repository contains a functional Python script that exploits an authenticated SQL injection vulnerability in Nagios XI 2024R1.0.1. The exploit uses SQLMap to dump credentials and create an admin account, leading to remote code execution.

Classification
Working PoC 95%
Attack Type
SQLi
Complexity
Moderate
Reliability
Reliable
Target: Nagios XI 2024R1.0.1
Auth required
Prerequisites: Valid credentials for Nagios XI · Access to the target endpoint /nagiosxi//config/monitoringwizard.php
devstral-2 · analyzed Feb 19, 2026

References (1)


Scores

CVSS v3 9.8
EPSS 0.4009
EPSS Percentile 98.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
nagios/nagios_xi 2024 r1.0.1
Published Feb 26, 2024
Tracked Since Feb 18, 2026