CVE-2023-40931
Description
A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php
NVD
Severity: MEDIUM
CVE ID: CVE-2023-40931
CVSS Score: 6.5
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Proof Of Concept
sealldeveloper
The sqlmap payload to exploit CVE-2023-40931
Refrence: GitHub