daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

reference & matcher update

patch-1
Ritik Chaddha 2023-09-06 17:37:50 +05:30 committed by GitHub
parent 469b7f7049
commit d103f3140c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
http/cves/2023/CVE-2023-39361.yaml
View File

@ -8,7 +8,7 @@ info:
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an enabled state, there could be the potential for significant damage. Attackers may exploit this vulnerability, and there may be possibilities for actions such as the usurpation of administrative privileges or remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
reference:
- https://github.com/Cacti/cacti/security/advisories/GHSA-6r43-q2fw-5wrg
- https://cve.report/CVE-2023-4634
- https://nvd.nist.gov/vuln/detail/CVE-2023-39361
classification:
cve-id: CVE-2023-39361
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
@ -32,5 +32,5 @@ http:
dsl:
- 'duration>=10'
- 'status_code == 200'
- 'contains_all(body, "var treeView=", "cacti")'
- 'contains_all(body, "Tree Mode", "cacti")'
condition: and