CVE-2023-40934

High

Description

A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings.

References

https://www.nagios.com/products/security/

https://outpost24.com/blog/nagios-xi-vulnerabilities/

http://nagios.com

Details

Source: Mitre, NVD

Published: 2023-09-19

Updated: 2023-09-22

Risk Information

CVSS v2

Base Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: High