CVE-2021-39165

Publication date

2021-08-26 20:25:12

Family

GitHub_M

State

PUBLISHED

Description

Cachet is an open source status page. Cachet versions up to and including 2.3.18 contain a SQL injection vulnerability in `SearchableTrait#scopeSearch()`. Unauthenticated attackers can use this vulnerability to exfiltrate sensitive data from the database, such as administrator passwords and sessions. The original Cachet repository is not active; both the stable version 2.3.18 and the 2.4 development branch are affected.