2 matches found
Cachet 2.4: Code Execution via Laravel Configuration Injection
Status pages are now an essential service offered by all Software-as-a-Service companies (we do it too!). To help their adoption, startups quickly conceived status pages as-a-service, and open-source self-hosted alternatives were made available. Cachet, also sometimes referred to as CachetHQ, is a...
Unauthenticated SQL Injection in Cachet
Impact: In Cachet versions through 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. Patches: The original reposito...