CVE-2023-46490

Опубликовано: 27 окт. 2023

Источник: debian

EPSS Низкий

Описание

SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
cacti	fixed	1.2.26+ds1-1		package
cacti	no-dsa		bookworm	package
cacti	no-dsa		bullseye	package
cacti	not-affected		buster	package

Примечания

https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c (not public yet)
https://gist.github.com/ISHGARD-2/a95632111138fcd7ccf7432ccb145b53
Checking the above link, this is probably a duplicate of CVE-2023-51448, hence related to CVE-2023-30534
Duplicate reported at MITRE 2024-02-20 (CVE Request 1607585)
https://github.com/Cacti/cacti/commit/58a980f335980ab57659420053d89d4e721ae3fc (release/1.2.26)

EPSS

Процентиль: 43%

0.00207

Низкий

Связанные уязвимости

CVE-2023-46490

CVSS3: 6.5

ubuntu

больше 2 лет назад

SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function.

CVE-2023-46490

CVSS3: 6.5

nvd

больше 2 лет назад

SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function.

GHSA-6xmf-7cqj-2h8m

CVSS3: 6.5

github

больше 2 лет назад

SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function.

EPSS

Процентиль: 43%

0.00207

Низкий