ALAS-2024-1915

Related Vulnerabilities: CVE-2023-51448  

Amazon Linux 1 Security Advisory: ALAS-2024-1915
Advisory Release Date: 2024-02-01 19:33 Pacific
Advisory Updated Date: 2024-02-01 19:33 Pacific
Severity: Important

Issue Overview:

Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `'managers.php'`. An authenticated attacker with the "Settings/Utilities" permission can send a crafted HTTP GET request to the endpoint `'/cacti/managers.php'` with an SQLi payload in the `'selected_graphs_array'` HTTP GET parameter. As of time of publication, no patched versions exist. (CVE-2023-51448)


Affected Packages:

cacti


Issue Correction:
Run yum update cacti to update your system.

New Packages:
noarch:
    cacti-1.1.19-6.24.amzn1.noarch

src:
    cacti-1.1.19-6.24.amzn1.src
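The fix named above is a backported build, cacti-1.1.19-6.24.amzn1, so verifying remediation means comparing the installed RPM's full version-release against that build rather than looking for upstream 1.2.x. The following is an added example, not Amazon's or Cacti's tooling: it re-implements rpm's label comparison (rpmvercmp, without the ~ and ^ rules and ignoring epoch) and applies it to `rpm -q cacti` output; the sample output lines are constructed.

```python
"""Check whether an installed cacti RPM is at or above the fixed build named in
ALAS-2024-1915. Added example; the comparison mirrors rpm's rpmvercmp so that
release 6.24 sorts after 6.3, which a plain string comparison gets wrong."""
import re

FIXED_NEVRA = "cacti-1.1.19-6.24.amzn1.noarch"  # from the advisory's New Packages list

_SEG = re.compile(r"[0-9]+|[a-zA-Z]+")  # rpm compares alternating numeric/alpha segments


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 like rpm's rpmvercmp (tilde/caret not handled)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = x.lstrip("0"), y.lstrip("0")   # numeric: longer (after zero strip) wins
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1       # numeric segment is newer than alpha
        if x != y:
            return 1 if x > y else -1             # same type, same length: lexical
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1         # leftover segments win


def split_nevra(nevra: str):
    """'cacti-1.1.19-6.24.amzn1.noarch' -> ('cacti', '1.1.19', '6.24.amzn1')."""
    nvr = nevra.rsplit(".", 1)[0]                 # drop the architecture
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def is_patched(installed_nevra: str, fixed_nevra: str = FIXED_NEVRA) -> bool:
    """True if the installed build equals the fixed build or is newer (epoch ignored)."""
    iname, iver, irel = split_nevra(installed_nevra)
    fname, fver, frel = split_nevra(fixed_nevra)
    if iname != fname:
        raise ValueError(f"package mismatch: {iname} vs {fname}")
    return (rpmvercmp(iver, fver) or rpmvercmp(irel, frel)) >= 0


if __name__ == "__main__":
    # Constructed `rpm -q cacti` output from three hosts; pipe real output in the same way.
    for line in ["cacti-1.1.19-6.23.amzn1.noarch",
                 "cacti-1.1.19-6.3.amzn1.noarch",
                 "cacti-1.1.19-6.24.amzn1.noarch"]:
        print(line, "patched" if is_patched(line) else "VULNERABLE")
```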