CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-40931

A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php

Exploit prediction scoring system (EPSS) score

EPSS Score 0.872

EPSS Ranking 99.4%

CVSS Severity

CVSS v3 Score 6.5

References

http://nagios.com
https://outpost24.com/blog/nagios-xi-vulnerabilities/
https://www.nagios.com/products/security/
http://nagios.com
https://outpost24.com/blog/nagios-xi-vulnerabilities/
https://www.nagios.com/products/security/

Products affected by CVE-2023-40931

Nagios » Nagios Xi » Version: Any

cpe:2.3:a:nagios:nagios_xi:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-40931

Products

Pricing

Contact Us