A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php
References
Link | Resource |
---|---|
http://nagios.com | Product |
https://outpost24.com/blog/nagios-xi-vulnerabilities/ | Third Party Advisory |
https://www.nagios.com/products/security/ | Vendor Advisory |
Configurations
History
22 Sep 2023, 01:11
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-89 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
CPE | cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:* | |
First Time |
Nagios nagios Xi
Nagios |
|
References | (MISC) http://nagios.com - Product | |
References | (MISC) https://outpost24.com/blog/nagios-xi-vulnerabilities/ - Third Party Advisory | |
References | (MISC) https://www.nagios.com/products/security/ - Vendor Advisory |
19 Sep 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-19 23:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-40931
Mitre link : CVE-2023-40931
CVE.ORG link : CVE-2023-40931
JSON object : View
Products Affected
nagios
- nagios_xi
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')