CVE-2023-51448

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Dec 22, 2023

Updated: Jun 10, 2024

CWE ID 89

Summary

CVE-2023-51448 is a Blind SQL Injection vulnerability affecting Cacti version 1.2.25. This operational monitoring framework contains an issue in its SNMP Notification Receivers feature, found in the file `‘managers.php’`. An attacker with "Settings/Utilities" permissions can exploit this vulnerability by sending a crafted HTTP GET request to the `‘/cacti/managers.php’` endpoint, including an SQL injection payload in the `‘selected_graphs_array’` parameter. As of now, no patched versions have been released to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Cacti

Affected Vendors

Cacti

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/t29f-f
https://www.cve.org/CVERecord?id=CVE-2023-51448
https://nvd.nist.gov/vuln/detail/CVE-2023-51448

Back to Vulnerability Database