CVE-2023-39365

MEDIUM Year: 2023
CVSS v3 Score
6.3
Medium
Weakness Type
CWE-89
View all →

Vulnerability Description

Cacti is an open source operational monitoring and fault management framework. Issues with Cacti Regular Expression validation combined with the external links feature can lead to limited SQL Injections and subsequent data leakage. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2005-4349

MEDIUM
CVSS:6.3(Medium)

SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the...

CWE-892005

CVE-2012-3336

MEDIUM
CVSS:6.3(Medium)

IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to multiple scripts, which could allow the attack...

CWE-892012

CVE-2015-7791

MEDIUM
CVSS:6.3(Medium)

Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[column...

CWE-892015

CVE-2016-2301

MEDIUM
CVSS:6.3(Medium)

SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CWE-892016

CVE-2016-5939

MEDIUM
CVSS:6.3(Medium)

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the ...

CWE-892016

CVE-2017-1722

MEDIUM
CVSS:6.3(Medium)

IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete inform...

CWE-892017