CVE-2023-39365
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-39365
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-39365.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-39365
- Aliases
-
- GHSA-v5w7-hww7-2f22
- Downstream
- Related
- Published
- 2023-09-05T21:03:56Z
- Modified
- 2025-10-22T18:39:01.258998Z
- Severity
-
- 4.6 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L CVSS Calculator
- Summary
- Unchecked regular expressions can lead to SQL Injection and data leakage in Cacti
- Details
-
Cacti is an open source operational monitoring and fault management framework. Issues with Cacti Regular Expression validation combined with the external links feature can lead to limited SQL Injections and subsequent data leakage. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
- Database specific
{ "cwe_ids": [ "CWE-89" ] }- References
-
- https://github.com/Cacti/cacti/security/advisories/GHSA-v5w7-hww7-2f22
- https://www.debian.org/security/2023/dsa-5550
- https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
Affected packages
Git / github.com/cacti/cacti
Affected ranges
- Type
- GIT
- Repo
- https://github.com/cacti/cacti
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
releaes/1.*
releaes/1.2.19
release/1.*
release/1.0.0
release/1.0.1
release/1.0.2
release/1.0.3
release/1.0.4
release/1.0.5
release/1.0.6
release/1.1.0
release/1.1.1
release/1.1.11
release/1.1.12
release/1.1.13
release/1.1.14
release/1.1.15
release/1.1.16
release/1.1.17
release/1.1.18
release/1.1.19
release/1.1.2
release/1.1.20
release/1.1.21
release/1.1.22
release/1.1.23
release/1.1.24
release/1.1.25
release/1.1.26
release/1.1.27
release/1.1.28
release/1.1.29
release/1.1.3
release/1.1.30
release/1.1.31
release/1.1.32
release/1.1.33
release/1.1.34
release/1.1.35
release/1.1.36
release/1.1.37
release/1.1.38
release/1.1.4
release/1.1.5
release/1.1.6
release/1.1.7
release/1.1.8
release/1.2.0
release/1.2.0-beta1
release/1.2.0-beta2
release/1.2.0-beta3
release/1.2.0-beta4
release/1.2.1
release/1.2.10
release/1.2.11
release/1.2.12
release/1.2.13
release/1.2.14
release/1.2.15
release/1.2.16
release/1.2.17
release/1.2.18
release/1.2.19
release/1.2.2
release/1.2.20
release/1.2.21
release/1.2.22
release/1.2.23
release/1.2.24
release/1.2.3
release/1.2.4
release/1.2.5
release/1.2.6
release/1.2.7
release/1.2.8
release/1.2.9