{"api_version":"1","generated_at":"2026-04-23T06:08:31+00:00","cve":"CVE-2023-40931","urls":{"html":"https://cve.report/CVE-2023-40931","api":"https://cve.report/api/cve/CVE-2023-40931.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-40931","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-40931"},"summary":{"title":"CVE-2023-40931","description":"A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2023-09-19 23:15:00","updated_at":"2023-09-22 01:11:00"},"problem_types":["CWE-89"],"metrics":[],"references":[{"url":"https://www.nagios.com/products/security/","name":"https://www.nagios.com/products/security/","refsource":"MISC","tags":[],"title":"Security Disclosures - Nagios","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://outpost24.com/blog/nagios-xi-vulnerabilities/","name":"https://outpost24.com/blog/nagios-xi-vulnerabilities/","refsource":"MISC","tags":[],"title":"Nagios XI vulnerabilities resulting in privilege escalation (& more)   - Outpost24","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://nagios.com","name":"http://nagios.com","refsource":"MISC","tags":[],"title":"Nagios - Network, Server and Log Monitoring Software","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-40931","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40931","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"40931","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"nagios","cpe5":"nagios_xi","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-40931","qid":"378884","title":"Nagios XI Multiple Vulnerabilities"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2023-40931","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"http://nagios.com","refsource":"MISC","name":"http://nagios.com"},{"refsource":"MISC","name":"https://www.nagios.com/products/security/","url":"https://www.nagios.com/products/security/"},{"refsource":"MISC","name":"https://outpost24.com/blog/nagios-xi-vulnerabilities/","url":"https://outpost24.com/blog/nagios-xi-vulnerabilities/"}]}},"nvd":{"publishedDate":"2023-09-19 23:15:00","lastModifiedDate":"2023-09-22 01:11:00","problem_types":["CWE-89"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11.0","versionEndExcluding":"5.11.2","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}