Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-40933

Published: 19/09/2023 Updated: 22/09/2023
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Nagios Xi

Vulnerability Summary

A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

nagios nagios xi

Github Repositories

https://github.com/sealldeveloper/CVE-2023-40933-PoC

The sqlmap payload to exploit CVE-2023-40933

CVE-2023-40933 The sqlmap payload to exploit CVE-2023-40933 Payload Required Information: Valid Username and Password Domain and path of hosted instance sqlmap -D nagiosxi -T xi_users -u "<INSTANCE>/nagiosxi/admin/banner_message-ajaxhelperphp?action=update_banner_message_settings&id=3&token=`curl -ksX POST <INSTANCE&a

References

CWE-89https://outpost24.com/blog/nagios-xi-vulnerabilities/http://nagios.comhttps://www.nagios.com/products/security/https://nvd.nist.govhttps://github.com/sealldeveloper/CVE-2023-40933-PoC
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook