Research is one of Shielder’s pillars. The company invests from 25% to 100% of their employees' work time in training and security research and they pay back with these great advisories.
![[Advisory]](https://www.shielder.it//img/advisory.png)
CVE-2019-9166: a privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php.
CVE-2019-9165: a SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers with a valid 'fusekey' API key to execute arbitrary SQL commands via a malicious user id.
CVE-2019-9167: a cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.