CVE-2023-51448

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Dec 22, 2023
Updated: Jun 10, 2024
CWE ID 89

Summary

CVE-2023-51448 is a Blind SQL Injection vulnerability affecting Cacti version 1.2.25. This operational monitoring framework contains an issue in its SNMP Notification Receivers feature, found in the file `‘managers.php’`. An attacker with "Settings/Utilities" permissions can exploit this vulnerability by sending a crafted HTTP GET request to the `‘/cacti/managers.php’` endpoint, including an SQL injection payload in the `‘selected_graphs_array’` parameter. As of now, no patched versions have been released to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share