CVE-2023-51448 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2023-51448 Interim 1 8 2026-03-05T03:32:13Z current 2023-12-25T00:08:49Z 2026-03-05T03:32:13Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2023-51448 Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `'managers.php'`. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTTP GET request to the endpoint `'/cacti/managers.php'` with an SQLi payload in the `'selected_graphs_array'` HTTP GET parameter. As of time of publication, no patched versions exist. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IZJKJNYP7JFJ3XMRIGZT22J5DIAVPSY7/ E-Mail link for openSUSE-SU-2024:0031-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 12 SUSE Package Hub 15 SP5 openSUSE Leap 15.5 openSUSE Tumbleweed cacti-1.2.26-1.1 cacti-1.2.26-38.1 cacti-1.2.26-bp155.2.6.1 cacti-spine-1.2.26-32.1 cacti-spine-1.2.26-bp155.2.6.1 cacti-1.2.26-38.1 as a component of SUSE Package Hub 12 cacti-spine-1.2.26-32.1 as a component of SUSE Package Hub 12 cacti-1.2.26-bp155.2.6.1 as a component of SUSE Package Hub 15 SP5 cacti-spine-1.2.26-bp155.2.6.1 as a component of SUSE Package Hub 15 SP5 cacti-1.2.26-bp155.2.6.1 as a component of openSUSE Leap 15.5 cacti-spine-1.2.26-bp155.2.6.1 as a component of openSUSE Leap 15.5 cacti-1.2.26-1.1 as a component of openSUSE Tumbleweed Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `'managers.php'`. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTTP GET request to the endpoint `'/cacti/managers.php'` with an SQLi payload in the `'selected_graphs_array'` HTTP GET parameter. As of time of publication, no patched versions exist. CVE-2023-51448 SUSE Package Hub 12:cacti-1.2.26-38.1 SUSE Package Hub 12:cacti-spine-1.2.26-32.1 SUSE Package Hub 15 SP5:cacti-1.2.26-bp155.2.6.1 SUSE Package Hub 15 SP5:cacti-spine-1.2.26-bp155.2.6.1 openSUSE Leap 15.5:cacti-1.2.26-bp155.2.6.1 openSUSE Leap 15.5:cacti-spine-1.2.26-bp155.2.6.1 openSUSE Tumbleweed:cacti-1.2.26-1.1 important 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H