CVE-2023-39358
published 2023-09-05


Priority: P2 (58), severity high, CVSS 3.1 base score 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.69% (74.2th percentile)
Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the `reports_user.php` file. In `ajax_get_branches`, the `tree_id` parameter is passed to the `reports_get_branch_select` function without any validation. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected

7 ranges

Vendor        | Product | Version range                            | Fixed in
cacti         | cacti   | < 1.2.25                                 | 1.2.25
cacti         | cacti   | >= 0, < 1.2.24+ds1-1+deb12u1             | 1.2.24+ds1-1+deb12u1
cacti         | cacti   | >= 0, < 1.2.25+ds1-1                     | 1.2.25+ds1-1
cacti         | cacti   | >= 0, < 1.2.25+ds1-1                     | 1.2.25+ds1-1
debian        | cacti   | < cacti 1.2.24+ds1-1+deb12u1 (bookworm)  | cacti 1.2.24+ds1-1+deb12u1 (bookworm)
fedoraproject | fedora  |                                          |
fedoraproject | fedora  |                                          |

Detection & IOCs (extracted from sources)

  • Vulnerable file is `reports_user.php`; monitor for SQL injection attempts targeting this file, specifically in the `ajax_get_branches` function via the `tree_id` parameter
  • Exploitation requires authentication; focus detection on authenticated sessions making requests to `reports_user.php` with anomalous `tree_id` values (e.g., SQL metacharacters, UNION/SELECT payloads)
  • Fixed in Cacti version 1.2.25 (and 1.2.24+ds1-1+deb12u1 for Debian bookworm); instances running versions prior to 1.2.25 remain vulnerable
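The detection bullets above describe what to look for but not how to check it. The following is an added example (not from this page or the Cacti project) that scans web-server access log lines for requests to `reports_user.php` whose `tree_id` is not a plain integer, which is the only shape a legitimate tree id should ever take. The log lines are constructed for illustration, and the request form `reports_user.php?action=ajax_get_branches&tree_id=...` is an assumption about how the endpoint is called.

```python
"""Access-log triage for CVE-2023-39358 (Cacti reports_user.php, tree_id).

Added example, not code from the page or from Cacti. Assumptions:
- Apache/nginx combined-style log lines (constructed below, not real traffic).
- The endpoint is reached as reports_user.php?action=ajax_get_branches&tree_id=...
"""
import posixpath
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines. The odd tree_id values are only strings to match
# against; nothing here is sent anywhere or executed.
SAMPLE_LOG = """\
10.0.0.5 - alice [05/Sep/2023:10:00:01 +0000] "GET /cacti/reports_user.php?action=ajax_get_branches&tree_id=3 HTTP/1.1" 200 512
10.0.0.9 - bob [05/Sep/2023:10:00:07 +0000] "GET /cacti/reports_user.php?action=ajax_get_branches&tree_id=3%20UNION%20SELECT%201 HTTP/1.1" 200 2048
10.0.0.9 - bob [05/Sep/2023:10:00:09 +0000] "GET /cacti/reports_user.php?action=ajax_get_branches&tree_id=1' HTTP/1.1" 500 0
10.0.0.7 - - [05/Sep/2023:10:00:12 +0000] "GET /cacti/index.php HTTP/1.1" 200 4096
10.0.0.7 - carol [05/Sep/2023:10:00:15 +0000] "GET /cacti/reports_user.php?action=edit&id=2 HTTP/1.1" 200 1024
"""

# Minimal combined-log parser: source, remote user, timestamp, request target, status.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Cheap SQL-shaped hints used only to rank findings; a non-integer tree_id is
# already a finding on its own, so this does not need to be exhaustive.
SQL_HINT_RE = re.compile(r"(?i)\b(union|select|sleep|benchmark)\b|['\";#]|--|/\*")


def is_suspicious_tree_id(value: str) -> bool:
    """A valid tree_id is a plain (optionally negative) integer; anything else is suspect."""
    v = value.strip()
    return not v.lstrip("-").isdigit()


def inspect_request(target: str):
    """Return (action, list of tree_id values) for reports_user.php requests, else None."""
    parts = urlsplit(target)
    if posixpath.basename(parts.path).lower() != "reports_user.php":
        return None
    # parse_qs percent-decodes values, so "%20UNION%20" becomes " UNION ".
    qs = parse_qs(parts.query, keep_blank_values=True)
    action = qs.get("action", [""])[0]
    return action, qs.get("tree_id", [])


def scan_log(text: str):
    """Return one finding per request to reports_user.php carrying a non-integer tree_id."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a line in the expected format; skip rather than guess
        info = inspect_request(m.group("target"))
        if info is None:
            continue
        action, tree_ids = info
        for tid in tree_ids:
            if is_suspicious_tree_id(tid):
                findings.append({
                    "src": m.group("src"),
                    "user": m.group("user"),   # '-' when the web server did not authenticate
                    "ts": m.group("ts"),
                    "action": action,
                    "tree_id": tid,
                    "status": m.group("status"),
                    "sql_like": bool(SQL_HINT_RE.search(tid)),
                })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f)
```

Two caveats for real use: the remote-user field only carries an identity when the web server itself authenticated the request, so Cacti session users usually have to be correlated from the application's own logs; and parameters sent in a POST body never appear in an access log, so this check covers GET requests only unless request bodies are logged at a proxy or WAF.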

CVSS provenance

Source        | Version | Score | Severity | Vector
nvd           | v3.1    | 8.8   | HIGH     | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv           |         | 8.8   | HIGH     |
vendor_debian |         | 8.8   | HIGH     |