SQL Injection Vulnerability in Nagios XI 5.11.1 and Below: Arbitrary SQL Command Execution via Host Escalation Notification Settings

CVE-2023-40934 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings.
