{"uuid": "db0e1cf5-8adc-494c-a2a4-9b109c00164a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51448", "type": "seen", "source": "https://t.me/arpsyndicate/2682", "content": "#ExploitObserverAlert\n\nCVE-2023-51448\n\nDESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-51448. Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `\u2018managers.php\u2019`. An authenticated attacker with the \u201cSettings/Utilities\u201d permission can send a crafted HTTP GET request to the endpoint `\u2018/cacti/managers.php\u2019` with an SQLi payload in the `\u2018selected_graphs_array\u2019` HTTP GET parameter. As of time of publication, no patched versions exist.\n\nFIRST-EPSS: 0.000710000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2024-01-08T21:24:29.000000Z"}