CVE-2023-37543 - Authorization Bypass Through User-Controlled Key vulnerability in Cacti
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Summary
Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723.
References
- https://github.com/Cacti/cacti/security/advisories/GHSA-4x82-8w8m-w8hj
- https://medium.com/%40hussainfathy99/exciting-news-my-first-cve-discovery-cve-2023-37543-idor-vulnerability-in-cacti-bbb6c386afed