PT-2023-5428 · Cacti+1 · Cacti+1

Netniv · Published 2023-09-05 · Updated 2025-01-24 · CVE-2023-39365

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Cacti versions prior to 1.2.25

Description

The issue is related to Cacti, an open source operational monitoring and fault management framework. It involves problems with Regular Expression validation combined with the external links feature, which can lead to limited SQL Injections and subsequent data leakage. This can allow a remote attacker to execute arbitrary SQL queries.

Recommendations

For versions prior to 1.2.25, users are advised to upgrade to version 1.2.25 or later to address the issue. As a temporary workaround, consider restricting access to the external links feature until the upgrade is applied. There are no known workarounds for this issue other than upgrading.

Exploit

Fix

SQL injection

Weakness Enumeration

Related identifiers

ALT-PU-2023-7619
ALT-PU-2023-7621
ALT-PU-2024-7120
ALT-PU-2025-1813
BDU:2023-06058
CVE-2023-39365
DLA-3765-1
DSA-5550-1
GHSA-V5W7-HWW7-2F22
OPENSUSE-SU-2023:0275-1
OPENSUSE-SU-2024:13203-1
ZDI-23-1499
ZDI-23-1500

Affected products

Alt Linux
Cacti