5 matches found
Exploit for Improper Authentication in CachetHQ Cachet
CVE-2021-39165 Python3 POC for CVE-2021-39165 in CachetHQ...
CachetHQ Cachet Remote Code Execution (CVE-2021-39172)
A remote code execution vulnerability exists in CachetHQ Cachet. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
SQL Injection
cachethq/cachet is vulnerable to SQL injection. An unauthenticated attacker is able to inject and execute arbitrary SQL statements to obtain confidential information via SearchableTrait#scopeSearch()...
Information Leakage
cachethq/cachet is vulnerable to information leakage. Configuration values of the dotenv file, e.g. the application secret APP_KEY and various passwords (email, database, etc.), are exposed in UpdateConfigCommandHandler due to the use of nested variables in the resulting dotenv configuration file...
SQL Injection
Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the SearchableTrait#scopeSearch(). Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and...