CVE-2023-39361

Unauthenticated SQL Injection in graph_view.php in Cacti

CVSS 9.8 CRITICAL · EPSS 87.6% · CWE-89
In short

Cacti versions before 1.2.25 contain a SQL injection in graph_view.php. Because the built-in guest user can reach that script without logging in, an installation with the guest account enabled exposes the injection to anyone who can reach the web interface. Successful exploitation can expose or alter database contents, lead to administrative privileges in Cacti, or, depending on database permissions, run code on the server.

Technical detail

An unauthenticated SQL injection vulnerability (CWE-89) exists in graph_view.php in Cacti versions prior to 1.2.25. graph_view.php is reachable by the guest user without authentication by default, so the precondition for unauthenticated exploitation is simply that the guest account is enabled; authenticated users reach the same code path regardless. The attack vector is network-based with no privileges or user interaction required. Successful exploitation can lead to database compromise, escalation to Cacti administrative privileges, or remote code execution, depending on the permissions of the database account Cacti uses and on the application configuration. The fix is to upgrade to 1.2.25 or later; the advisory lists no workaround.

Summary generated and translated by AI from the official description.

Official description

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an enabled state, there could be the potential for significant damage. Attackers may exploit this vulnerability, and there may be possibilities for actions such as the usurpation of administrative privileges or remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Cacti · cacti
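The two facts above that determine exposure are the running version (fixed in 1.2.25) and whether graph_view.php answers an unauthenticated request with graph content rather than the login form (guest account enabled). The following triage helper is an added example, not code from the Cacti project or from this advisory. It works on a version string and an already-captured HTTP response so it runs offline; the sample responses are constructed for illustration, and the assumption that Cacti's login form carries input fields named login_username and login_password is labelled as such in the code. It deliberately sends no SQL: the point is to decide whether an installation sits in the exposed state, not to exercise the injection.

```python
"""Exposure triage for CVE-2023-39361 (Cacti graph_view.php SQL injection).

Two questions a practitioner answers before anything else:
  1. Is the deployed Cacti version older than 1.2.25, the fixed release?
  2. Does graph_view.php serve content to an unauthenticated request
     (guest user enabled) instead of bouncing to the login page?

This is an added example, not Cacti's own code. Responses are handled as a
plain (status, body) pair so a captured response can be fed in; the samples
at the bottom are constructed, not real Cacti output.
"""
from __future__ import annotations

import re

FIXED_VERSION = (1, 2, 25)  # from the advisory: fixed in Cacti 1.2.25

# Assumption: Cacti's login form uses these input names. If a deployment
# customises the login page, adjust the markers before trusting the result.
LOGIN_MARKERS = ("login_username", "login_password")


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '1.2.24' (or '1.2.24-rc1') into a comparable tuple of ints.

    Only the leading dotted numeric components are compared; a suffix such
    as '-rc1' is dropped, which errs toward flagging pre-releases as old.
    """
    m = re.match(r"(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected_version(text: str) -> bool:
    """True when the version predates the fixed release (1.2.25)."""
    return parse_version(text) < FIXED_VERSION


def guest_access_looks_enabled(status: int, body: str) -> bool:
    """Classify an unauthenticated GET of graph_view.php.

    A redirect, a non-200 status, or a 200 whose body carries the login form
    fields all mean a login is required, so the unauthenticated path to the
    injection is closed. A 200 without those markers means graph_view.php is
    being served to the guest user.
    """
    if status != 200:
        return False
    lowered = body.lower()
    return not any(marker in lowered for marker in LOGIN_MARKERS)


def assess(version: str, status: int, body: str) -> str:
    """Combine both checks into a one-line verdict."""
    affected = is_affected_version(version)
    guest = guest_access_looks_enabled(status, body)
    if affected and guest:
        return "EXPOSED: unpatched and graph_view.php reachable without login"
    if affected:
        return ("PATCH NEEDED: unpatched; guest access appears disabled, so "
                "only authenticated users reach graph_view.php")
    return "NOT AFFECTED: version 1.2.25 or later"


# Constructed sample responses (not captured from a real Cacti host).
SAMPLE_LOGIN_PAGE = (
    200,
    "<html><form action='index.php' method='post'>"
    "<input name='login_username'><input name='login_password'>"
    "</form></html>",
)
SAMPLE_GUEST_GRAPHS = (
    200,
    "<html><div id='graph_view'>graph thumbnails for the guest user</div></html>",
)
SAMPLE_REDIRECT = (302, "")

if __name__ == "__main__":
    print(assess("1.2.24", *SAMPLE_GUEST_GRAPHS))
    print(assess("1.2.24", *SAMPLE_LOGIN_PAGE))
    print(assess("1.2.24", *SAMPLE_REDIRECT))
    print(assess("1.2.25", *SAMPLE_GUEST_GRAPHS))
```

A "PATCH NEEDED" verdict is not a safe state: it only means the unauthenticated route is closed, and any account that can log in still reaches the vulnerable script. Treat the guest check as a prioritisation signal for which hosts to patch first, not as a substitute for upgrading, which is the only fix the advisory offers.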