CVE-2023-40931

Description

A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php.

NVD
Severity: MEDIUM
CVE ID: CVE-2023-40931
CVSS Score: 6.5
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference: NVD, MITRE

Proof Of Concept

sealldeveloper

The sqlmap payload to exploit CVE-2023-40931

Reference: GitHub