Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2021-39165

Description

Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. The original repository of Cachet is not active, the stable version 2.3.18 and it's developing 2.4 branch is affected.

POC

Reference

No PoCs from references.

Github

- https://github.com/ARPSyndicate/cvemon

- https://github.com/NaInSec/CVE-PoC-in-GitHub

- https://github.com/SYRTI/POC_to_review

- https://github.com/W0rty/CVE-2021-39165

- https://github.com/WhooAmii/POC_to_review

- https://github.com/hadrian3689/cachet_2.4.0-dev

- https://github.com/manbolq/CVE-2021-39165

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/soosmile/POC

- https://github.com/trhacknon/Pocingit

- https://github.com/zecool/cve