{"vulnerability": "CVE-2023-39362", "sightings": [{"uuid": "caca8318-4634-41a6-bfc5-17dacad667f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39362", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5090", "content": "GitHub monitoring alert!!!\n\nUpdated: CVE-2023\nDescription: WARNING: This is a vulnerable application to test the exploit for the Cacti command injection (CVE-2023-39362). Run it at your own risk!\nURL: https://github.com/m3ssap0/cacti-rce-snmp-options-vulnerable-application\n\nTags: #CVE-2023", "creation_timestamp": "2023-09-07T03:45:01.000000Z"}, {"uuid": "3f877c41-53f9-4b07-9e25-8d6bb8ebb615", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39362", "type": "published-proof-of-concept", "source": "Telegram/d-h1tNVxBMIWi-V5BEkRbumoEaEnzhRSDBHrSUbdASM9", "content": "", "creation_timestamp": "2023-10-22T22:36:24.000000Z"}, {"uuid": "242fd421-cc7c-4c5a-9968-3fd9865b43ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39362", "type": "seen", "source": "https://t.me/cibsecurity/69920", "content": "\u203c CVE-2023-39362 \u203c\n\nCacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user, can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlying server. The `lib/snmp.php` file has a set of functions, with similar behavior, that accept in input some variables and place them into an `exec` call without a proper escape or validation. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-06T02:17:30.000000Z"}]}