PT-2023-5428 · Cacti+1

Netniv · Published 2023-09-05 · Updated 2025-01-24 · CVE-2023-39365

CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.25
Description: The issue affects Cacti, an open source operational monitoring and fault management framework. Insufficient regular expression validation, combined with the external links feature, can lead to limited SQL injection and subsequent data leakage. A remote attacker can use this to execute arbitrary SQL queries.
Recommendations: Users of versions prior to 1.2.25 are advised to upgrade to version 1.2.25 or later. There are no known workarounds for this issue other than upgrading; as a temporary measure until the upgrade is applied, restricting access to the external links feature reduces exposure.

Tags: Exploit · Fix · SQL injection


Related Identifiers

ALT-PU-2023-7619
ALT-PU-2023-7621
ALT-PU-2024-7120
ALT-PU-2025-1813
BDU:2023-06058
CVE-2023-39365
DLA-3765-1
DSA-5550-1
GHSA-V5W7-HWW7-2F22
OPENSUSE-SU-2023:0275-1
OPENSUSE-SU-2024:13203-1
ZDI-23-1499
ZDI-23-1500

Affected Products

Alt Linux
Cacti