CVSS 3.1 Score 8.8 of 10 (high)


Published Sep 19, 2023
Updated: Sep 22, 2023


CVE-2023-40933 is a SQL injection vulnerability found in Nagios XI v5.11.1 and earlier versions. This vulnerability allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands through the ID parameter sent to the update_banner_message() function. It affects multiple products, including hHG1gT, n6AswL, n6AswK, and others. The risk score for this vulnerability is 72 out of 100, indicating a high level of risk. Remediation for this vulnerability involves updating Nagios XI to a version that includes a fix for the SQL injection issue. If left unaddressed, this vulnerability poses a significant danger to organizations as it can lead to unauthorized access, data manipulation, and potential compromise of sensitive information stored in the affected systems.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-40933 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options