SecBoard
Zurück zur CVE-Übersicht

CVE-2023-40931

MEDIUM(6.5)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Risk Signal Score20/100 — NIEDRIG
  • CVSS 6.5 — Mittel

EPSS-Score

13%

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

6.5

Technische Schwere

Beschreibung

A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php

Referenzen