漏洞描述
Nagios XI是一款商业版本的企业服务器和网络监控软件。Nagios XI存在sql注入漏洞,该漏洞是由于ccm接口对用户的请求验证不当导致的。
Nagios XI CVE-2023-40934 SQL注入漏洞
PoC代码
暂无相关漏洞推荐
- Nagios XI-默认口令漏洞
- Nagios Log Server 需授权 命令注入漏洞
- Nagios Log Server 权限管理不当漏洞
- POC CVE-2018-10735: NagiosXI <= 5.4.12 `commandline.php` SQL injection
- POC CVE-2018-10736: NagiosXI <= 5.4.12 - SQL injection
- POC CVE-2018-10737: NagiosXI <= 5.4.12 logbook.php SQL injection
- POC CVE-2018-10738: NagiosXI <= 5.4.12 menuaccess.php - SQL injection
- POC CVE-2021-25296: Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection
- POC CVE-2021-25297: Nagios 5.5.6-5.7.5 - Authenticated Remote Command Injection
- POC CVE-2021-25298: Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection
- POC CVE-2021-25299: Nagios XI 5.7.5 - Cross-Site Scripting
- POC CVE-2021-38156: Nagios XI < 5.8.6 - Cross-Site Scripting
- POC CVE-2022-29272: Nagios XI <5.8.5 - Open Redirect