CyRC Vulnerability Advisory: CVE-2023-51448 Blind SQL Injection in SNMP Notification Receivers

Matthew Hogg

Jan 08, 2024 / 1 min read

CVE-2023-51448 overview

The Synopsys Cybersecurity Research Center (CyRC) has discovered CVE-2023-51448, a blind SQL injection (SQLi) vulnerability in Cacti.

Cacti is a performance and fault management framework written in PHP. It uses a variety of data collection methods to populate an RRDTool-based time series database (TSDB) with performance data, and offers a web user interface to view this performance data in graphs. Cacti is easily extensible for custom needs via its plugin system.

Due to insufficient sanitization when parsing the deserialized result of the ‘selected_graphs_array’ parameter, a crafted payload may trigger SQLi when the result is concatenated with a raw SQL query. Using a blind SQLi technique, an attacker can disclose Cacti database contents or trigger remote code execution (RCE).
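The unsafe pattern the advisory describes (a deserialized list joined straight into SQL text) beside a hardened version, as an added example that is not Cacti's code: the table name graph_local, its columns and the sample rows are placeholders, the input is assumed to arrive as an already-deserialized list, and SQLite stands in for the real database. The hardened path allowlists every element as a plain integer and binds it as a query parameter, so user-controlled characters never become part of the statement.

```python
"""Hardened handling of a deserialized id list before it reaches SQL (added example)."""
import re
import sqlite3
from typing import Sequence

# Placeholder schema and constructed sample rows; not Cacti's schema.
SCHEMA = "CREATE TABLE graph_local (id INTEGER PRIMARY KEY, title TEXT)"
SAMPLE_ROWS = [(1, "cpu"), (2, "memory"), (3, "disk")]

# ASCII digits only: str.isdigit() would also accept Unicode digits that int() rejects.
INT_RE = re.compile(r"[0-9]+")


def build_query_unsafe(selected: Sequence[str]) -> str:
    """The pattern the advisory describes: elements of the deserialized list are
    concatenated into the SQL text, so any element that is not a bare integer is
    executed as part of the statement instead of being treated as data."""
    return ("SELECT id, title FROM graph_local WHERE id IN ("
            + ",".join(selected) + ") ORDER BY id")


def validate_graph_ids(selected: Sequence[object]) -> list[int]:
    """Allowlist check: every element must be a plain non-negative integer."""
    if not isinstance(selected, (list, tuple)):
        raise ValueError("expected a list of graph ids")
    ids = []
    for item in selected:
        # bool is a subclass of int in Python; reject it explicitly.
        if isinstance(item, bool) or not isinstance(item, (int, str)):
            raise ValueError(f"unexpected element type: {type(item).__name__}")
        text = str(item)
        if INT_RE.fullmatch(text) is None:
            raise ValueError(f"graph id is not a plain integer: {text!r}")
        ids.append(int(text))
    if not ids:
        raise ValueError("no graph ids supplied")
    return ids


def fetch_graphs_safe(conn: sqlite3.Connection, selected: Sequence[object]) -> list:
    """Validate first, then bind each id as a parameter: the SQL text is fixed and
    only the number of placeholders depends on the input."""
    ids = validate_graph_ids(selected)
    placeholders = ",".join("?" * len(ids))
    sql = f"SELECT id, title FROM graph_local WHERE id IN ({placeholders}) ORDER BY id"
    return conn.execute(sql, ids).fetchall()


def is_rejected(conn: sqlite3.Connection, selected: Sequence[object]) -> bool:
    """True when the hardened path refuses the input."""
    try:
        fetch_graphs_safe(conn, selected)
    except ValueError:
        return True
    return False


def demo_db() -> sqlite3.Connection:
    """In-memory database loaded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO graph_local VALUES (?, ?)", SAMPLE_ROWS)
    return conn


if __name__ == "__main__":
    db = demo_db()
    print(fetch_graphs_safe(db, ["1", "3"]))       # [(1, 'cpu'), (3, 'disk')]
    print(is_rejected(db, ["1", "not-an-id"]))      # True
    print(build_query_unsafe(["1", "not-an-id"]))   # the raw element sits inside the statement text
```

The validation deliberately runs before any SQL is built: rejecting the whole request on the first bad element is simpler to reason about than trying to sanitize it, and the parameter binding is what keeps the query safe even if the allowlist were loosened later.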


CVE-2023-51448 exploitation

An attacker authenticated with any account that possesses the “Settings/Utilities” permission can send a crafted HTTP GET request to the endpoint ‘/managers.php’ with an SQLi payload in the ‘selected_graphs_array’ HTTP GET parameter to trigger the vulnerability.
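A log-side check for the request shape described above, as an added example that is not part of the advisory: it parses combined-format web-server access-log lines, picks out requests to /managers.php that carry selected_graphs_array, and flags values containing SQL metacharacters. The log format is an assumption, the advisory does not say how the parameter is encoded (so the check is format-agnostic), and the log lines are constructed.

```python
"""Flag access-log requests to the advisory's endpoint whose parameter value
contains SQL metacharacters (added example, constructed log lines)."""
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

ENDPOINT = "/managers.php"          # endpoint named in the advisory
PARAM = "selected_graphs_array"     # parameter named in the advisory

# Assumed combined-style request line: ip ident user [time] "METHOD target proto" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Quotes, statement and comment delimiters, and a few functions typical of blind SQLi probes.
SUSPECT_RE = re.compile(r"""['"`;]|--|/\*|\b(?:sleep|benchmark|union|select)\b""", re.I)


def inspect_line(line: str):
    """Return a finding for a suspicious request, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if url.path != ENDPOINT:
        return None
    values = parse_qs(url.query).get(PARAM)   # parse_qs percent-decodes once
    if not values:
        return None
    for value in values:
        # Decode a second time so a double-encoded value does not slip past the check.
        decoded = unquote_plus(value)
        if SUSPECT_RE.search(decoded):
            return {"ip": m.group("ip"), "user": m.group("user"), "ts": m.group("ts"),
                    "status": m.group("status"), "value": decoded}
    return None


def find_suspicious(lines):
    """All findings for an iterable of log lines."""
    return [hit for hit in map(inspect_line, lines) if hit]


# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - admin [08/Jan/2024:10:15:01 +0000] "GET /managers.php?action=edit&selected_graphs_array=%5B1%2C2%2C3%5D HTTP/1.1" 200 512',
    '10.0.0.9 - operator [08/Jan/2024:10:16:44 +0000] "GET /managers.php?action=edit&selected_graphs_array=1%27%3B-- HTTP/1.1" 200 512',
    '10.0.0.7 - viewer [08/Jan/2024:10:17:02 +0000] "GET /graph_view.php?selected_graphs_array=1%27 HTTP/1.1" 200 4096',
    '10.0.0.5 - admin [08/Jan/2024:10:18:30 +0000] "POST /index.php HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

The check is scoped to the endpoint the advisory names; since the requester must already hold the Settings/Utilities permission, the authenticated username in the hit is the field worth correlating with account activity. Drop the endpoint comparison to flag the parameter wherever it appears, and remember that a 200 status says nothing about whether the probe succeeded, so every hit is worth a look.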

Affected software

Cacti version 1.2.25

Impact

Exploitation of this vulnerability would allow an attacker to disclose the entire contents of the Cacti database. It may also be escalated to RCE, as demonstrated with CVE-2023-49084.

CVSS Base Score: 8.3

CVSS 3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

CVE-2023-51448 remediation

The vulnerability is patched as of commit 58a980f335980ab57659420053d89d4e721ae3fc on December 20, 2023.

CVE-2023-51448 discovery credit

This vulnerability was discovered by CyRC researcher Matthew Hogg.

Vulnerability discovery timeline

2023-09-18 – Vulnerability discovered.

2023-09-21 – Vendor notified.

2023-10-06 – Vendor accepted report.

2023-12-20 – Vulnerability published, and vendor fix released.

About CVSS

FIRST.Org, Inc. (FIRST) is a non-profit organization based in the US that owns and manages CVSS. Membership in FIRST is not required to use or implement CVSS, but FIRST does require that any individual or organization using CVSS give appropriate attribution. FIRST also states that any individual or organization publishing scores should follow its guidelines so that anyone can understand how a score was calculated.
