EIP-2026-103999

PRE-CVE

Nagios XI - 'users.php' SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103999. PoCs published by Adam Baldwin.

AI-analyzed exploit summary: The exploit demonstrates an SQL injection vulnerability in Nagios XI's admin/users.php page, allowing an attacker to extract user passwords by manipulating the 'records' parameter. The payload uses CHR concatenation to bypass basic filters and retrieve the password for the 'nagiosadmin' user.

Description

Nagios XI - 'users.php' SQL Injection

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Adam Baldwin · text · remote · multiple
https://www.exploit-db.com/exploits/34523

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Nagios XI versions prior to 2009R1.3
No auth needed
Prerequisites: Access to the Nagios XI admin/users.php endpoint
devstral-2 · analyzed Feb 18, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026