ET WEB_SPECIFIC_APPS Cacti graph_view.php rfilter parameter SQL Injection Attempt (CVE-2023-39361)
Sourceet/open
CreatedMay 19, 2026
UpdatedMay 19, 2026
Classificationattempted-admin
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Cacti graph_view.php rfilter parameter SQL Injection Attempt (CVE-2023-39361)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/graph|5f|view|2e|php|3f|"; fast_pattern; content:"action|3d|tree_content"; content:"node|3d|1|2d|1|2d|tree|5f|anchor"; content:"rfilter|3d|"; pcre:"/^[^<]*?(?:\x27|%27|-{2}|%2d%2d)?(?:(?:S(?:HOW.+(?:C(?:UR(?:DAT|TIM)E|HARACTER.+SET)|(?:VARI|T)ABLES)|ELECT.+(?:FROM|USER|SLEEP|CONCAT|CASE))|U(?:NION.+SELEC|PDATE.+SE)T|DELETE.+FROM|INSERT.+INTO)|S(?:HOW.+(?:C(?:HARACTER.+SET|UR(DATE|TIME))|(?:VARI|T)ABLES)|ELECT.+(?:FROM|USER))|U(?:NION.+SELEC|PDATE.+SE)T|(?:NULL(?:\x2c|%2[cC])){2,}|(?:\x2f|%2[fF])(?:\x2a|%2[aA]).+(?:\x2a|%2[aA]).+(?:\x2f|%2[fF])|CONCAT.+SELECT|EXTRACTVALUE|UNION.+ALL)/Ri"; reference:url,github.com/Cacti/cacti/security/advisories/GHSA-6r43-q2fw-5wrg; reference:cve,2023-39361; classtype:attempted-admin; sid:2069337; rev:1; metadata:affected_product Cacti, attack_target Web_Server, tls_state plaintext, created_at 2026_05_19, cve CVE_2023_39361, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, tag Exploit, updated_at 2026_05_19, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)
Metadata
affected productCacti
attack targetWeb_Server
tls stateplaintext
created at2026_05_19
deploymentInternal
performance impactLow
confidenceHigh
signature severityMajor
tagExploit
updated at2026_05_19
mitre tactic idTA0001
mitre tactic nameInitial_Access
mitre technique idT1190
mitre technique nameExploit_Public_Facing_Application
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!