CVE-2023-39358: 
Cacti vulnerability analysis and mitigation

Cacti, an open source operational monitoring and fault management framework, was found to contain an authenticated SQL injection vulnerability (CVE-2023-39358) that was disclosed on September 5, 2023. The vulnerability affects versions prior to 1.2.25 and allows authenticated users to perform privilege escalation and remote code execution (GitHub Advisory).

The vulnerability resides in the reports_user.php file, specifically in the ajax_get_branches function where the tree_id parameter is passed to the reports_get_branch_select function without proper validation. The SQL injection occurs when the treeid variable is directly used in the WHERE clause of the SQL statement when the treeid variable is greater than 0. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 HIGH with vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (GitHub Advisory).

This vulnerability presents a significant security risk as it allows authenticated users to exploit the SQL injection vulnerability to escalate privileges and execute remote code, potentially compromising the system's integrity and confidentiality. Since the application accepts stacked queries, attackers can achieve remote code execution by modifying the 'pathphpbinary' value in the database (GitHub Advisory).

The vulnerability has been patched in Cacti version 1.2.25. Users are strongly advised to upgrade to this version or later. There are no known workarounds for this vulnerability (GitHub Advisory, Fedora Update).