CVE-2023-48084
Description
Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool.
NVD
Severity: CRITICAL
CVE ID: CVE-2023-48084
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Hamibubu
Python program to dump all the databases, exploiting NagiosXI sqli vulnerability
Refrence: GitHub
bucketcat
Fixes broken syntax in the POC, automates the API_Token retrieval, stores the token as a variable and pipes into the fixed POC.
Refrence: GitHub