CVE-2020-36869: 
Nagios XI vulnerability analysis and mitigation

Nagios XI versions prior to 5.7.5 contain a SQL injection vulnerability in the SNMP Trap Interface edit page. The vulnerability is tracked as CVE-2020-36869 and was discovered by Matthew Aberegg. The vulnerability affects the SNMP Trap Interface edit functionality in Nagios XI installations before version 5.7.5 (VulnCheck Advisory).

The vulnerability is classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) with a CVSS score of 8.5. The issue occurs due to improper sanitization of user input in the SNMP Trap Interface edit page, which could allow SQL injection attacks. The vulnerability requires an account with administrative privileges to access the affected interface (VulnCheck Advisory).

Successful exploitation of this vulnerability could allow an authenticated administrator to perform SQL injection attacks, potentially leading to unauthorized disclosure or modification of application data, or execution of arbitrary SQL commands against the backend database (VulnCheck Advisory).

The vulnerability has been fixed in Nagios XI version 5.7.5. Users should upgrade to this version or later to address the SQL injection vulnerability (Nagios Changelog).