A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings.
References
Link | Resource |
---|---|
http://nagios.com | Product |
https://outpost24.com/blog/nagios-xi-vulnerabilities/ | Third Party Advisory |
https://www.nagios.com/products/security/ | Vendor Advisory |
Configurations
History
22 Sep 2023, 01:20
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-89 | |
References | (MISC) http://nagios.com - Product | |
References | (MISC) https://outpost24.com/blog/nagios-xi-vulnerabilities/ - Third Party Advisory | |
References | (MISC) https://www.nagios.com/products/security/ - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
First Time |
Nagios nagios Xi
Nagios |
|
CPE | cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:* |
19 Sep 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-19 23:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-40934
Mitre link : CVE-2023-40934
CVE.ORG link : CVE-2023-40934
JSON object : View
Products Affected
nagios
- nagios_xi
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')