Home > Vulnerability Database > CVE-2023-43661

Mend.io Vulnerability Database

CVE-2023-43661

Date: October 11, 2023

Cachet, the open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server during the bad filtration and old twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch contains a patch for this issue.

Language: PHP

Severity Score

8.8

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-43661

Url: https://github.com/cachethq/cachet/commit/6fb043e109d2a262ce3974e863c54e9e5f5e0587

Url: https://github.com/cachethq/cachet/security/advisories/GHSA-hv79-p62r-wg3p

Url: https://www.mend.io/vulnerability-database/CVE-2023-43661

Severity Score

8.8

Weakness Type (CWE)

Code Injection

CWE-94

Injection

CWE-74

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-43661

Date: October 11, 2023

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?