CVE-2023-40931: SQL Injection
First published: Tue Sep 19 2023(Updated: )
A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nagios Nagios XI | >=5.11.0<5.11.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-40931?
CVE-2023-40931 is a SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1.
How does CVE-2023-40931 affect Nagios XI?
CVE-2023-40931 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php.
How severe is CVE-2023-40931?
CVE-2023-40931 has a severity score of 6.5, classified as medium.
What is the Common Weakness Enumeration (CWE) for CVE-2023-40931?
The CWE for CVE-2023-40931 is CWE-89, which stands for Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection').
Where can I find more information about CVE-2023-40931?
You can find more information about CVE-2023-40931 on the following references: http://nagios.com, https://outpost24.com/blog/nagios-xi-vulnerabilities/, and https://www.nagios.com/products/security/.
- collector/nvd-api
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/nagios
- canonical/nagios nagios xi
- version/nagios nagios xi/5.11.0