In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.
References
Configurations
History
07 Nov 2023, 03:05
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2019-09-23 15:15
Updated : 2023-12-10 13:13
NVD link : CVE-2019-16723
Mitre link : CVE-2019-16723
CVE.ORG link : CVE-2019-16723
JSON object : View
Products Affected
cacti
- cacti
CWE
CWE-639
Authorization Bypass Through User-Controlled Key