|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-10-29 | |
| Rule Name: | Nagios XI SQL Injection Vulnerability (CVE-2023-40931) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php | |
| Impact: | An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | http://nagios.com https://outpost24.com/blog/nagios-xi-vulnerabilities/ https://www.nagios.com/products/security/ |
|
| Solutions |
|---|
| Refer to the announcement or patch by the vendor: https://www.nagios.com/products/security/ |