Cyber Posture

CVE-2021-47693

Severity: High · Public PoC

Published: 30 October 2025
Modified: 06 November 2025
KEV Added: not listed
Patch: available (CCM 3.1.3 / Nagios XI 5.8.5)
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0111 (78.3rd percentile)
Risk Priority: 18 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-47693 is a high-severity SQL injection (CWE-89) vulnerability in the Core Config Manager (CCM) of Nagios XI. Its CVSS 3.1 base score is 8.8 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 21.7% of CVEs by exploit likelihood (EPSS), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and RA-5 (Vulnerability Monitoring and Scanning). Note that scanning only finds the flaw; upgrading to CCM 3.1.3 / Nagios XI 5.8.5 or later is what removes it.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and two other techniques, listed below. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5), AI-generated

SI-10 Information Input Validation (prevent)
Requires validation of user-supplied inputs such as the CCM search text, ensuring they conform to expected syntax before they are incorporated into queries. For SQL injection the decisive measure is to pass the value to the database as a bound query parameter rather than concatenating it into the SQL string; syntax validation is defence in depth, not a substitute.

SI-2 Flaw Remediation (prevent)
Mandates timely identification, reporting, and correction of flaws such as this SQL injection vulnerability by patching to CCM 3.1.3 / Nagios XI 5.8.5 or later.

RA-5 Vulnerability Monitoring and Scanning (detect)
Requires regular vulnerability scanning that would identify the SQL injection issue in the Core Config Manager, enabling proactive remediation.

MITRE ATT&CK Enterprise Techniques, AI-generated

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1213.006 Databases (tactic: Collection)
Adversaries may leverage databases to mine valuable information.
T1565.001 Stored Data Manipulation (tactic: Impact)
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.
Why these techniques?

The SQL injection lets a low-privileged authenticated user execute arbitrary SQL against the application database. That facilitates privilege escalation through exploitation (T1068), collection of data from the database (T1213.006), and manipulation of stored configuration and application data (T1565.001).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.3 / Nagios XI 5.8.5 contains a SQL injection vulnerability in the search text handling. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to inject SQL fragments. Successful exploitation could lead to unauthorized disclosure or modification of configuration and application data, and in some environments could allow further compromise of the application or backend database.

Deeper analysis, AI-generated

CVE-2021-47693 is a SQL injection vulnerability (CWE-89) in the Core Config Manager (CCM) component of Nagios XI versions prior to CCM 3.1.3 and Nagios XI 5.8.5. The issue stems from unsanitized user-supplied input in search text handling being directly incorporated into SQL queries used by configuration object editors, enabling injection of arbitrary SQL fragments.

The vulnerability is exploitable over the network by an authenticated user with low privileges, with low attack complexity and no user interaction, which is what the CVSS 3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) reflects. Successful exploitation lets the attacker read or modify configuration and application data without authorization and, in some environments, go on to compromise the application or the backend database. Because any CCM login suffices, the effective attack surface is every Nagios XI account that can reach the configuration editors, not just administrators.
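The mechanism described above, as an added illustration that is not Nagios XI code: a search function that concatenates the search text into a LIKE clause, next to the parameterised form that closes the hole. The table names, column names, sample rows and the attacker payloads are all constructed for this example; nothing here is the real CCM schema or a known exploit string for this CVE. The example uses SQLite so it runs offline.

```python
import re
import sqlite3

# Constructed sample data standing in for CCM configuration objects. The table
# and column names are assumptions for this illustration, not Nagios XI's schema.
SAMPLE_HOSTS = [
    (1, "web01", "10.0.0.10", 7),
    (2, "web02", "10.0.0.11", 7),
    (3, "db01", "10.0.0.20", 1),
]
SAMPLE_USERS = [(1, "nagiosadmin", "$2y$10$constructedhash")]


def make_db():
    """In-memory SQLite database seeded with the constructed rows above."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE hosts (id INTEGER, host_name TEXT, address TEXT, config_group INTEGER)"
    )
    conn.executemany("INSERT INTO hosts VALUES (?, ?, ?, ?)", SAMPLE_HOSTS)
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def search_hosts_vulnerable(conn, search_text, config_group):
    """CWE-89 pattern: the search text is concatenated straight into the SQL.

    config_group models a server-side restriction (the caller's own group);
    search_text is the attacker-controlled value from the search box.
    """
    sql = (
        "SELECT host_name, address FROM hosts "
        f"WHERE config_group = {int(config_group)} AND host_name LIKE '%{search_text}%'"
    )
    return conn.execute(sql).fetchall()


def escape_like(text):
    """Escape LIKE metacharacters so user input cannot widen the match."""
    return text.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def search_hosts_hardened(conn, search_text, config_group):
    """Bound parameters: the search text is only ever compared, never parsed as SQL."""
    sql = (
        "SELECT host_name, address FROM hosts "
        "WHERE config_group = ? AND host_name LIKE ? ESCAPE '\\'"
    )
    pattern = "%" + escape_like(search_text) + "%"
    return conn.execute(sql, (config_group, pattern)).fetchall()


# Defence in depth in the spirit of SI-10: an allowlist for what a host-name
# search may contain. Parameterisation above is the fix; this only narrows input.
SEARCH_TEXT_RE = re.compile(r"[A-Za-z0-9._ -]{1,64}")


def is_valid_search_text(text):
    return SEARCH_TEXT_RE.fullmatch(text) is not None


if __name__ == "__main__":
    conn = make_db()
    tautology = "' OR 1=1 -- "  # escapes the caller's config_group restriction
    union = "' UNION SELECT username, password FROM users -- "  # reads another table
    print("vulnerable, tautology:", search_hosts_vulnerable(conn, tautology, 7))
    print("vulnerable, union:    ", search_hosts_vulnerable(conn, union, 7))
    print("hardened, tautology:  ", search_hosts_hardened(conn, tautology, 7))
    print("hardened, 'web':      ", search_hosts_hardened(conn, "web", 7))
```

With the vulnerable query the tautology returns every host regardless of the caller's group, and the UNION payload returns rows from the users table, which is the disclosure and data-manipulation path the technique mapping above describes. The hardened query returns nothing for either payload and still answers a legitimate search; escaping `%` and `_` is a separate concern from injection but matters for a LIKE-based search, since an unescaped `%` would otherwise match everything.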

Mitigation requires upgrading to CCM 3.1.3 / Nagios XI 5.8.5 or later, as detailed in the Nagios XI changelog (https://www.nagios.com/changelog/nagios-xi/) and the VulnCheck advisory (https://www.vulncheck.com/advisories/nagios-xi-ccm-sqli-via-improper-escaping-in-search-text).
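A version check against the fixed releases named above, as an added example rather than anything shipped by Nagios or the advisory authors. It assumes the operator has already obtained the installed Nagios XI and CCM version strings (how to read them is outside this example); the point it makes is that the affected range is "prior to 5.8.5 / 3.1.3", so the comparison must be numeric, because a naive string comparison puts 5.8.10 before 5.8.5.

```python
import re

# Fixed releases named in the NVD description; anything earlier is affected.
FIXED_NAGIOS_XI = (5, 8, 5)
FIXED_CCM = (3, 1, 3)


def parse_version(text):
    """Turn '5.8.5', 'v5.8.5' or '5.8.5-build2' into a tuple of ints.

    Tuples of ints compare numerically per component, avoiding the string
    comparison trap where '5.8.10' < '5.8.5'. Short strings such as '5.8'
    are padded to three components so they compare as 5.8.0.
    """
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))


def nagios_xi_affected(version_text):
    """True when the Nagios XI release predates the 5.8.5 fix."""
    return parse_version(version_text) < FIXED_NAGIOS_XI


def ccm_affected(version_text):
    """True when the Core Config Manager release predates the 3.1.3 fix."""
    return parse_version(version_text) < FIXED_CCM


def assess(xi_version, ccm_version=None):
    """Combine both checks; a host is affected only if neither component carries the fix."""
    affected = nagios_xi_affected(xi_version)
    if ccm_version is not None:
        # The fix lives in CCM, so a patched CCM on an older XI build is not affected.
        affected = affected and ccm_affected(ccm_version)
    return affected


if __name__ == "__main__":
    # Constructed inputs, not readings from a real system.
    for xi in ("5.7.9", "5.8.4", "5.8.5", "5.8.10"):
        print(f"Nagios XI {xi}: {'AFFECTED' if nagios_xi_affected(xi) else 'fixed'}")
    print("XI 5.8.4 with CCM 3.1.3:", "AFFECTED" if assess("5.8.4", "3.1.3") else "fixed")
```

The `assess` helper encodes the page's own statement that the fix shipped in CCM 3.1.3 and in Nagios XI 5.8.5; treat a mismatch between the two readings as a prompt to verify the CCM component directly rather than trusting the XI version alone.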

Details

CWE(s)
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Affected Products
nagios / nagios xi, versions prior to 5.8.5 (Core Config Manager prior to 3.1.3); 5.8.5 / CCM 3.1.3 are the fixed releases

CVEs Like This One

CVE-2016-15050 (same product: Nagios XI)
CVE-2020-36859 (same product: Nagios XI)
CVE-2012-10063 (same product: Nagios XI)
CVE-2025-67255 (same product: Nagios XI)
CVE-2018-25122 (same product: Nagios XI)
CVE-2013-10073 (same product: Nagios XI)
CVE-2026-2042 (same product: Nagios XI)
CVE-2024-13986 (same product: Nagios XI)
CVE-2024-13996 (same product: Nagios XI)
CVE-2024-13999 (same product: Nagios XI)

References

Nagios XI changelog: https://www.nagios.com/changelog/nagios-xi/
VulnCheck advisory: https://www.vulncheck.com/advisories/nagios-xi-ccm-sqli-via-improper-escaping-in-search-text