PT-2023-5425 · Cacti +1

X4Vak · Published 2023-09-05 · Updated 2025-01-24 · CVE-2023-39358

CVSS v2.0: 10 (High) · Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.25
Description: An authenticated SQL injection issue allows authenticated users to perform privilege escalation and remote code execution. The issue resides in the reports_user.php file, specifically in the ajax_get_branches function, where the tree_id parameter is passed to the reports_get_branch_select function without validation.
Recommendations: For versions prior to 1.2.25, upgrade to version 1.2.25 or later to address the issue. As a temporary workaround, consider restricting access to the reports_user.php file and the ajax_get_branches function until a patch is applied. Avoid using the tree_id parameter in the affected function until the issue is resolved.
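The pattern the description names, an integer-valued request parameter reaching a SQL query without validation, and the fix that the upgrade applies in spirit (validate, then bind) are shown below in a hypothetical PHP handler. This is an added example, not code from Cacti or from this advisory: the function names, the table tree_branches and its columns, and the sample rows are all constructed for illustration.

```php
<?php
// Added example, not Cacti's code. A hypothetical AJAX handler that returns
// the branches of a tree selected by a "tree_id" request parameter.

// UNSAFE (hypothetical): the raw request value is interpolated into the SQL
// text, so anything other than a plain integer changes the query itself.
function get_branch_select_unsafe(PDO $db, array $request): array
{
    $tree_id = $request['tree_id'] ?? '';
    $sql = "SELECT id, name FROM tree_branches WHERE tree_id = $tree_id";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// HARDENED (hypothetical): reject anything that is not a positive integer,
// then pass the value as a bound parameter so it can never alter the query.
function get_branch_select_safe(PDO $db, array $request): array
{
    $tree_id = filter_var(
        $request['tree_id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($tree_id === false) {
        // Invalid input: answer with 400 and no data instead of querying.
        http_response_code(400);
        return [];
    }
    $stmt = $db->prepare(
        'SELECT id, name FROM tree_branches WHERE tree_id = :tree_id'
    );
    $stmt->bindValue(':tree_id', $tree_id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Demo on constructed data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tree_branches (id INTEGER, tree_id INTEGER, name TEXT)');
$db->exec("INSERT INTO tree_branches VALUES (1, 1, 'Hosts'), (2, 1, 'Routers'), (3, 2, 'Other')");

// A well-formed id returns the two branches of tree 1.
print_r(get_branch_select_safe($db, ['tree_id' => '1']));
// A malformed id is refused before any SQL runs and yields an empty array.
print_r(get_branch_select_safe($db, ['tree_id' => '1abc']));
```

The validation step is what the advisory's workaround ("avoid using the tree_id parameter") stands in for: once the value is checked as an integer and bound with PDO::PARAM_INT, the query text is fixed and the parameter cannot change it. Logging the 400 responses from the hardened handler also gives a simple detection signal for probing of the endpoint.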

Tags: Exploit · Fix · RCE · SQL injection

Weakness Enumeration

Related Identifiers

ALT-PU-2023-7619
ALT-PU-2023-7621
ALT-PU-2024-7120
ALT-PU-2025-1813
BDU:2023-06055
CVE-2023-39358
GHSA-GJ95-7XR8-9P7G
OPENSUSE-SU-2023:0275-1
OPENSUSE-SU-2024:13203-1

Affected Products

Alt Linux
Cacti