- Vulnerability/
- ZDI-23-1500
ZDI-23-1500: Cacti graph_view SQL Injection Authentication Bypass Vulnerability
First published: Wed Oct 04 2023(Updated: )
This vulnerability allows remote attackers to bypass authentication or escalate privileges on affected installations of Cacti. Authentication is required to exploit this vulnerability when the product is in its default configuration. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-39365.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cacti Cacti |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is ZDI-23-1500?
ZDI-23-1500 is a Cacti graph_view SQL Injection Authentication Bypass Vulnerability.
What is the severity of ZDI-23-1500?
The severity of ZDI-23-1500 is high with a CVSS score of 8.8.
Who is affected by ZDI-23-1500?
Any installation of Cacti in its default configuration is affected by ZDI-23-1500.
How can ZDI-23-1500 be exploited?
ZDI-23-1500 can be exploited by remote attackers to bypass authentication or escalate privileges in affected installations of Cacti.
Is authentication required to exploit ZDI-23-1500?
Yes, authentication is required to exploit ZDI-23-1500 when Cacti is in its default configuration.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/zdi-advisory
- alias/ZDI-23-1500
- alias/ZDI-CAN-20767
- alias/CVE-2023-39365
- vendor/cacti
- canonical/cacti cacti