CVE-2023-46490

Name

CVE-2023-46490

Description

SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
MISC	https://gist.github.com/ISHGARD-2/a95632111138fcd7ccf7432ccb145b53
MISC	https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:cacti:cacti:1.2.25:::::::*`	cacti	== None	== 1.2.25

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
cacti	edge-community	1.2.26-r0	Jeff Bilyk <jbilyk@gmail.com>	fixed
cacti	edge-community	1.2.25-r0	Jeff Bilyk <jbilyk@gmail.com>	possibly vulnerable
cacti	3.22-community	1.2.26-r0	None	fixed
cacti	3.22-community	1.2.25-r0	None	possibly vulnerable
cacti	3.21-community	1.2.26-r0	None	fixed
cacti	3.20-community	1.2.26-r0	None	fixed
cacti	3.19-community	1.2.26-r0	Jeff Bilyk <jbilyk@gmail.com>	fixed
cacti	3.19-community	1.2.25-r0	Jeff Bilyk <jbilyk@gmail.com>	possibly vulnerable