59 matches found
Cachet <=2.3.18 - SQL Injection
Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the SearchableTrait#scopeSearch(). Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and...
EUVD-2021-1857
Malware in sbrugna...
Malicious code in @leaffm/leaf-connect-remi-cachet (npm)
The package @leaffm/leaf-connect-remi-cachet was found to contain malicious code...
MAL-2025-8399 Malicious code in @leaffm/leaf-connect-remi-cachet (npm)
The package @leaffm/leaf-connect-remi-cachet was found to contain malicious code...
CVE-2023-43661
Cachet is an open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server due to bad filtration and an old Twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch...
CVE-2021-39172
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition feature (e.g. mail settings) and gain arbitrary code execution on the server. This issue was addresse...
CVE-2021-39174
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (APP_KEY) and various passwords (email, database, etc.). This issue was...
CVE-2021-39165
Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the SearchableTrait#scopeSearch(). Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and...
CVE-2021-39173
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can trick Cachet and install the instance again, leading to arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving the...
Cachet vulnerable to Authenticated Remote Code Execution
Summary: A template functionality which allows users to create templates allows them to execute any code on the server due to bad filtration and an old Twig version. Within /cachet/app/Http/Routes/ApiRoutes.php, an attacker could control template input which is passed to Laravel's dispatched...
GHSA-HV79-P62R-WG3P Cachet vulnerable to Authenticated Remote Code Execution
Summary: A template functionality which allows users to create templates allows them to execute any code on the server due to bad filtration and an old Twig version. Within /cachet/app/Http/Routes/ApiRoutes.php, an attacker could control template input which is passed to Laravel's dispatched...
Remote Code Execution (RCE)
cachethq/cachet is vulnerable to Remote Code Execution (RCE). The vulnerability is caused by a flaw in the way Cachet handles Twig templates. An attacker is able to exploit this flaw by injecting malicious code into a template, which will then be executed when the template is rendered...
CVE-2023-43661
Cachet is an open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server due to bad filtration and an old Twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch...
Design/Logic Flaw
Cachet is an open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server due to bad filtration and an old Twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch...
CVE-2023-43661 Cachet vulnerable to Authenticated Remote Code Execution
Cachet is an open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server due to bad filtration and an old Twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch...
CVE-2023-43661 Cachet vulnerable to Authenticated Remote Code Execution
Cachet is an open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server due to bad filtration and an old Twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch...
CVE-2023-43661
CVE-2023-43661 (Cachet) affects Cachet prior to the 2.4 branch, where the template functionality could let an attacker execute code on the server due to inadequate input filtration and an old Twig version. The issue is mitigated by a patch in the 2.4 branch (commit 6fb043e109d2a262ce3974e863c54e9...
CVE-2023-43661 Cachet vulnerable to Authenticated Remote Code Execution
Cachet is an open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server due to bad filtration and an old Twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch...
GitHub Cachet Injection Vulnerability
GitHub Cachet is an open source status page system. An injection vulnerability exists in versions of Cachet prior to 2.4: because of poor filtering and an older Twig version, users can execute arbitrary code via the Create Template feature...
PT-2023-28906 · Cachet +1 · Cachet +1
Name of the Vulnerable Software and Affected Versions: Cachet versions prior to 2.4. Description: A template functionality in Cachet allows users to create templates, which can lead to the execution of any code on the server due to bad filtration and an old Twig version. This issue can be exploite...