CVE-2023-40931

MEDIUM NUCLEI

Nagios XI 5.11.0-5.11.1 - Authenticated SQL Injection via Banner Message ID Parameter

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2023-40931. PoCs published by sealldeveloper, G4sp4rCS, datboi6942. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository provides a functional SQL injection exploit for CVE-2023-40931 using sqlmap, targeting Nagios XI's banner_message-ajaxhelper.php endpoint. The exploit requires valid credentials and leverages an authenticated SQLi vulnerability to dump the xi_users table.

Description

A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php

Exploits (3)

nomisec WORKING POC 1 stars

by sealldeveloper · poc

https://github.com/sealldeveloper/CVE-2023-40931-PoC

View Code ZIP pw:eip

This repository provides a functional SQL injection exploit for CVE-2023-40931 using sqlmap, targeting Nagios XI's banner_message-ajaxhelper.php endpoint. The exploit requires valid credentials and leverages an authenticated SQLi vulnerability to dump the xi_users table.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Nagios XI

Auth required

Prerequisites: Valid Nagios XI username and password · Access to the target Nagios XI instance

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC

by G4sp4rCS · poc

https://github.com/G4sp4rCS/CVE-2023-40931-POC

View Code ZIP pw:eip

This repository contains a functional PoC for CVE-2023-40931, targeting Nagios XI. The exploit demonstrates SQL injection via the 'id' parameter in the banner_message-ajaxhelper.php endpoint and includes functionality to create an admin account and attempt a reverse shell.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Nagios XI

Auth required

Prerequisites: Valid Nagios XI credentials · Network access to the target system

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC

by datboi6942 · poc

https://github.com/datboi6942/Nagios-XI-s-CVE-2023-40931-Exploit

View Code ZIP pw:eip

This Python script demonstrates an authenticated SQL injection vulnerability in Nagios XI by leveraging a vulnerable endpoint to dump database contents using sqlmap. It includes authentication, session handling, and a proof-of-concept SQLi payload.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Nagios XI

Auth required

Prerequisites: Valid Nagios XI credentials · Network access to the target · sqlmap installed

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Nuclei Templates (1)

Nagios XI v5.11.0 - SQL Injection

MEDIUMVERIFIEDby ritikchaddha

Shodan: title:"Nagios XI"

FOFA: app="nagios-xi"

References (3)

Core 3

Core References

Product

http://nagios.com

Third Party Advisory

https://outpost24.com/blog/nagios-xi-vulnerabilities/

Vendor Advisory

https://www.nagios.com/products/security/

Scores

CVSS v3 6.5

EPSS 0.1348

EPSS Percentile 96.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

nagios/nagios_xi 5.11.0 - 5.11.2

Published Sep 19, 2023

Tracked Since Feb 18, 2026