{"uuid": "a6ced45a-01de-49cf-b801-65eb87378273", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51448", "type": "seen", "source": "https://t.me/arpsyndicate/2183", "content": "#ExploitObserverAlert\n\nCVE-2023-51448\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-51448. Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `\u2018managers.php\u2019`. An authenticated attacker with the \u201cSettings/Utilities\u201d permission can send a crafted HTTP GET request to the endpoint `\u2018/cacti/managers.php\u2019` with an SQLi payload in the `\u2018selected_graphs_array\u2019` HTTP GET parameter. As of time of publication, no patched versions exist.", "creation_timestamp": "2023-12-28T03:04:51.000000Z"}