{"vulnerability": "CVE-2023-51448", "sightings": [{"uuid": "db0e1cf5-8adc-494c-a2a4-9b109c00164a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51448", "type": "seen", "source": "https://t.me/arpsyndicate/2682", "content": "#ExploitObserverAlert\n\nCVE-2023-51448\n\nDESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-51448. Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `\u2018managers.php\u2019`. An authenticated attacker with the \u201cSettings/Utilities\u201d permission can send a crafted HTTP GET request to the endpoint `\u2018/cacti/managers.php\u2019` with an SQLi payload in the `\u2018selected_graphs_array\u2019` HTTP GET parameter. As of time of publication, no patched versions exist.\n\nFIRST-EPSS: 0.000710000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2024-01-08T21:24:29.000000Z"}, {"uuid": "a6ced45a-01de-49cf-b801-65eb87378273", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51448", "type": "seen", "source": "https://t.me/arpsyndicate/2183", "content": "#ExploitObserverAlert\n\nCVE-2023-51448\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-51448. Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `\u2018managers.php\u2019`. An authenticated attacker with the \u201cSettings/Utilities\u201d permission can send a crafted HTTP GET request to the endpoint `\u2018/cacti/managers.php\u2019` with an SQLi payload in the `\u2018selected_graphs_array\u2019` HTTP GET parameter. As of time of publication, no patched versions exist.", "creation_timestamp": "2023-12-28T03:04:51.000000Z"}, {"uuid": "3e2a5ea8-2b7b-420e-81b0-82b4311737dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51448", "type": "seen", "source": "https://t.me/ctinow/160714", "content": "https://ift.tt/HzDLWgQ\nCVE-2023-51448 Exploit", "creation_timestamp": "2023-12-29T23:16:48.000000Z"}, {"uuid": "276ba95a-10d3-421f-9239-495a1ffa87d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51448", "type": "seen", "source": "https://t.me/ctinow/165003", "content": "https://ift.tt/3kvfDsG\nSQLi vulnerability in Cacti could lead to RCE (CVE-2023-51448)", "creation_timestamp": "2024-01-09T13:41:42.000000Z"}, {"uuid": "214782df-f00e-4d2c-8715-d8cb0ce6d26b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51448", "type": "seen", "source": "https://t.me/ctinow/158521", "content": "https://ift.tt/vtwkMG4\nCVE-2023-51448", "creation_timestamp": "2023-12-22T18:23:34.000000Z"}]}