CVE-2023-40933 Information

Description

A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function.

Reference

https://outpost24.com/blog/nagios-xi-vulnerabilities/ http://nagios.com https://www.nagios.com/products/security/