CVE-2023-51448: 
Cacti vulnerability analysis and mitigation

A Blind SQL Injection (SQLi) vulnerability (CVE-2023-51448) was discovered in Cacti version 1.2.25, specifically within the SNMP Notification Receivers feature in the 'managers.php' file. The vulnerability was discovered by Synopsys CyRC researcher Matthew Hogg and disclosed in December 2023. Cacti, which provides an operational monitoring and fault management framework, is commonly used in network operation centers of telecoms and web hosting providers (GitHub Advisory, HelpNet Security).

The vulnerability exists in the 'form_actions' function within managers.php. An authenticated attacker with 'Settings/Utilities' permission can exploit this by sending a crafted HTTP GET request to '/cacti/managers.php' with an SQLi payload in the 'selected_graphs_array' parameter. The vulnerability stems from insufficient sanitization in the 'get_nfilter_request_var' function and 'stripslashes' operations, which fail to properly sanitize user input before it's used in SQL queries. The CVSS v3.1 base score is 8.8 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (GitHub Advisory).

The exploitation of this vulnerability could lead to the disclosure of all Cacti database contents through time-based blind SQLi techniques. Depending on the database configuration, attackers might achieve arbitrary file read capabilities, and potentially even remote code execution via arbitrary file write operations (GitHub Advisory, HelpNet Security).

Users are advised to upgrade to Cacti version 1.2.26 or later, which includes fixes for this vulnerability. As of the initial disclosure, no immediate patched versions were available, but subsequent releases have addressed this security issue (Fedora Update).