close search bar

Sorry, not available in this language yet

close language selection

CyRC Vulnerability Advisory: CVE-2023-51448 Blind SQL Injection in SNMP Notification Receivers

Matthew Hogg

Jan 08, 2024 / 1 min read

CVE-2023-51448 overview

The Synopsys Cybersecurity Research Center (CyRC) has discovered CVE-2023-51448, a blind SQL injection (SQLi) vulnerability in Cacti.

Cacti is a performance and fault management framework written in PHP. It uses a variety of data collection methods to populate an RRDTool-based time series database (TSDB) with performance data, and offers a web user interface to view this performance data in graphs. Cacti is easily extensible for custom needs via its plugin system.

Due to insufficient sanitization when parsing the deserialized result of the ‘selected_graphs_array’ parameter, a crafted payload may trigger SQLi when the result is concatenated with a raw SQL query. Using a blind SQLi technique, an attacker can disclose Cacti database contents or trigger remote code execution (RCE).

CVE-2023-51448 exploitation

An attacker authenticated with any account that possesses the “Settings/Utilities” permission can send a crafted HTTP GET request to the endpoint ‘/managers.php’ with an SQLi payload in the ‘selected_graphs_array’ HTTP GET parameter to trigger the vulnerability.

Affected software

Cacti version 1.2.25


Exploitation of this vulnerability would allow an attacker to disclose the entire contents of the Cacti database. It may also be escalated to RCE, as demonstrated with CVE-2023-49084.

CVSS Base Score: 8.3

CVSS 3.1 Vector: CVSS3.1/ AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

CVE-2023-51448 remediation

The vulnerability is patched as of commit 58a980f335980ab57659420053d89d4e721ae3fc on December 20, 2023.

CVE-2023-51448 discovery credit

This vulnerability was discovered by CyRC researcher Matthew Hogg.

Vulnerability discovery timeline

2023-09-18 – Vulnerability discovered.

2023-09-21 – Vendor notified.

2023-10-06 – Vendor accepted report.

2023-12-20 – Vulnerability published, and vendor fix released.

About CVSS

FIRST.Org, Inc (FIRST) is a non-profit organization based out of US that owns and manages CVSS. It is not required to be a member of FIRST to utilize or implement CVSS but FIRST does require any individual or organization give appropriate attribution while using CVSS. FIRST also states that any individual or organization that publishes scores follow the guideline so that anyone can understand how the score was calculated.

Continue Reading

Explore Topics