What is CVE-2023-40931?

CVE-2023-40931 is a vulnerability in N/a. Published 2023-09-19.

Is CVE-2023-40931 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2023-40931

A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelpe…

EPSS: 0.878 (99.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

sealldeveloper/CVE-2023-40931-PoC
G4sp4rCS/CVE-2023-40931-POC
datboi6942/Nagios-XI-s-CVE-2023-40931-Exploit
nomi-sec/PoC-in-GitHub
20142995/nuclei-templates
plzheheplztrying/cve_
YuchaoZheng88/HTB-prepare
cyb3r-w0lf/nuclei-template-collection

References

nagios.com
www.nagios.com/products/security/
outpost24.com/blog/nagios-xi-vulnerabilities/

Frequently asked questions

What is CVE-2023-40931?: CVE-2023-40931 is a vulnerability in N/a. Published 2023-09-19.
Is CVE-2023-40931 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.