CVE-2023-51448

Published: 22/12/2023 Updated: 29/12/2023
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `managers.php`. An authenticated attacker with the "Settings/Utilities" permission can send a crafted HTTP GET request to the endpoint `/cacti/managers.php` with an SQLi payload in the `selected_graphs_array` HTTP GET parameter. As of the time of publication, no patched versions exist.

Vulnerable Product

cacti cacti 1.2.25

Vendor Advisories

Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `'managers.php'`. An authenticated attacker with the "Settings/Utilities" permission can send a crafted HTTP GET request to the endpoint `'/cacti/managersp ...

Github Repositories

gg0h
Vulnerability Analysis | Web Developer | OSCP | OSWE
Preparing for OSED
Python Enthusiast
How to reach me: Twitter
CVEs:
CVE-2023-25828 RCE in Pluck CMS via web-shell smuggling in JPEG
CVE-2023-2453 RCE in PHPFusion via LFI on arbitrary 'php' file
CVE-2023-51448 Blind SQL injection