Cacti is an open source operational monitoring and fault management framework. A defect in the sql_save function was discovered. When the column type is numeric, the sql_save function directly utilizes user input. Many files and functions calling the sql_save function do not perform prior validation of user input, leading to the existence of multiple SQL injection vulnerabilities in Cacti. This allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Configurations
History
18 Mar 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Nov 2023, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Nov 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-20 | |
References |
|
20 Oct 2023, 19:53
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fedoraproject
Fedoraproject fedora |
|
CPE | cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* |
|
CWE | ||
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/ - Mailing List | |
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/ - Mailing List |
13 Oct 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Sep 2023, 18:05
Type | Values Removed | Values Added |
---|---|---|
First Time |
Cacti
Cacti cacti |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
References | (MISC) https://github.com/Cacti/cacti/security/advisories/GHSA-6jhp-mgqg-fhqg - Exploit, Vendor Advisory | |
CPE | cpe:2.3:a:cacti:cacti:1.2.24:*:*:*:*:*:*:* |
05 Sep 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-05 22:15
Updated : 2024-03-18 20:15
NVD link : CVE-2023-39357
Mitre link : CVE-2023-39357
CVE.ORG link : CVE-2023-39357
JSON object : View
Products Affected
fedoraproject
- fedora
cacti
- cacti