What is CVE-2012-10029?

CVE-2012-10029 is a vulnerability in Nagios Enterprises Xi Graph Explorer, classified under OS Command Injection. Published 2025-08-05.

Is CVE-2012-10029 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Nagios Enterprises Xi Graph Explorer

CVE-2012-10029

Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. An authenticated user can inject system commands via unsanitized parameters such as `host`, resulting in re…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.694 (98.7th percentile) — read the EPSS interpretation.

Affected products

Nagios Enterprises Xi Graph Explorer — versions 0

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/u… (exploit)
www.exploit-db.com/exploits/23227 (exploit)
packetstorm.news/files/id/118705/ (exploit)
www.nagios.com/products/nagios-xi/ (product)
www.vulncheck.com/advisories/nagios-xi-network-monitor-graph-explorer-component… (third-party-advisory)

Frequently asked questions

What is CVE-2012-10029?: CVE-2012-10029 is a vulnerability in Nagios Enterprises Xi Graph Explorer, classified under OS Command Injection. Published 2025-08-05.
Is CVE-2012-10029 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.