CVE-2023-51448
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2023-51448 is a Blind SQL Injection (SQLi) vulnerability found in Cacti version 1.2.25. This vulnerability affects the SNMP Notification Receivers feature in the file 'managers.php'. An authenticated attacker with the "Settings/Utilities" permission can exploit this vulnerability by sending a crafted HTTP GET request to the endpoint '/cacti/managers.php' with an SQLi payload in the 'selected_graphs_array' parameter. Currently, there are no patched versions available to fix this vulnerability. The risk score for this vulnerability is 72, indicating a high base severity and potential impact on confidentiality, integrity, and availability of affected systems.