SQL Injection vulnerability when managing SNMP Notification Receivers
CVE-2023-51448
Key Information:
Badges
What is CVE-2023-51448?
Cacti, an operational monitoring and fault management framework, is impacted by a Blind SQL Injection vulnerability in its SNMP Notification Receivers feature. An authenticated user with 'Settings/Utilities' permissions can exploit this vulnerability by sending a specially crafted HTTP GET request to the 'managers.php' file, specifically targeting the 'selected_graphs_array' parameter. This flaw allows attackers to manipulate SQL queries, potentially leading to unauthorized data access. As of the latest information, there are no patches available for this vulnerability.
Affected Version(s)
cacti <= 1.2.25
News Articles
Week in review: GitLab account takeover flaw, attackers exploiting Ivanti Connect Secure zero-days - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Social engineer reveals effective tricks for real-world
Help Net SecurityCVE-2023-51448SQLi vulnerability in Cacti could lead to RCE (CVE-2023-51448) - Help Net Security
A high severity blind SQLi vulnerability (CVE-2023-51448) has been discovered in Cacti, an open-source front-end app for RRDtool.
References
EPSS Score
28% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- đź“°
First article discovered by Help Net Security
Vulnerability published
Vulnerability Reserved