CVE-2023-46490: SQL Injection
First published: Fri Oct 27 2023(Updated: )
SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cacti Cacti | =1.2.25 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for the SQL Injection vulnerability in Cacti v1.2.25?
The vulnerability ID for the SQL Injection vulnerability in Cacti v1.2.25 is CVE-2023-46490.
What is the severity of CVE-2023-46490?
The severity of CVE-2023-46490 is medium, with a CVSS score of 6.5.
How does the SQL Injection vulnerability in Cacti v1.2.25 occur?
The SQL Injection vulnerability in Cacti v1.2.25 occurs due to improper input validation in the form_actions() function in the managers.php file.
What can a remote attacker achieve through the SQL Injection vulnerability in Cacti v1.2.25?
A remote attacker can obtain sensitive information through the SQL Injection vulnerability in Cacti v1.2.25.
How can I fix the SQL Injection vulnerability in Cacti v1.2.25?
To fix the SQL Injection vulnerability in Cacti v1.2.25, update to a version that is not affected by this vulnerability.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/mitre-cve
- collector/nvd-api
- vendor/cacti
- canonical/cacti cacti
- version/cacti cacti/1.2.25