Amazon Linux 1 Security Advisory: ALAS-2024-1915
Advisory Release Date: 2024-02-01 19:33 Pacific
Advisory Updated Date: 2024-02-01 19:33 Pacific
Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `managers.php`. An authenticated attacker with the "Settings/Utilities" permission can send a crafted HTTP GET request to the endpoint `/cacti/managers.php` with an SQLi payload in the `selected_graphs_array` HTTP GET parameter. As of time of publication, no patched versions exist. (CVE-2023-51448)
Affected Packages:
cacti
Issue Correction:
Run `yum update cacti` to update your system.
noarch:
cacti-1.1.19-6.24.amzn1.noarch
src:
cacti-1.1.19-6.24.amzn1.src
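
To confirm which hosts still need the update, this added example (not part of the advisory) compares package strings as printed by `rpm -q cacti` against the fixed build listed above, using rpm's segment-wise version ordering. The host names and the non-fixed builds in the inventory are constructed sample data; epoch is assumed to be 0 and `~`/`^` handling is omitted.

```python
import re

FIXED = "cacti-1.1.19-6.24.amzn1.noarch"  # fixed build named in this advisory

def rpmvercmp(a, b):
    """Order two version/release strings like rpm does (no ~ or ^ support)."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric segments compare as numbers
        elif x.isdigit():
            return 1                       # numeric segment is newer than alpha
        elif y.isdigit():
            return -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments win

def split_nvra(pkg):
    """Split 'name-version-release.arch' into its four parts."""
    nvr, arch = pkg.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch

def is_patched(pkg, fixed=FIXED):
    name, ver, rel, _ = split_nvra(pkg)
    fname, fver, frel, _ = split_nvra(fixed)
    if name != fname:
        raise ValueError(f"{pkg} is not a {fname} package")
    return (rpmvercmp(ver, fver) or rpmvercmp(rel, frel)) >= 0

# Constructed inventory: "<host> <output of rpm -q cacti>" (sample data)
INVENTORY = """\
web01 cacti-1.1.19-6.24.amzn1.noarch
mon02 cacti-1.1.19-6.23.amzn1.noarch
mon03 cacti-1.1.19-6.9.amzn1.noarch
mon04 cacti-1.1.20-1.1.amzn1.noarch
"""

def unpatched_hosts(inventory):
    hosts = []
    for line in inventory.splitlines():
        host, pkg = line.split()
        if not is_patched(pkg):
            hosts.append(host)
    return hosts

if __name__ == "__main__":
    print("hosts still needing 'yum update cacti':", unpatched_hosts(INVENTORY))
```

Release `6.9` sorts below `6.24` here because segments are compared numerically; a plain string comparison would order them the other way and miss that host.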