Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-37543

Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723.

Published

2023-08-10T15:15:09.397

Last Modified

2024-11-21T08:11:54.123

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-639

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cacti	cacti	< 1.2.6	Yes

References

https://github.com/Cacti/cacti/security/advisories/GHSA-4x82-8w8m-w8hj Broken Link ([email protected])
https://medium.com/%40hussainfathy99/exciting-news-my-first-cve-discovery-cve-2023-37543-idor-vulnerability-in-cacti-bbb6c386afed ([email protected])
https://github.com/Cacti/cacti/security/advisories/GHSA-4x82-8w8m-w8hj Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://medium.com/%40hussainfathy99/exciting-news-my-first-cve-discovery-cve-2023-37543-idor-vulnerability-in-cacti-bbb6c386afed (af854a3a-2127-422b-91ae-364da2661108)