CVE-2021-39165

HIGH NUCLEI

Cachet <= 2.3.18 - Unauthenticated SQL Injection via SearchableTrait

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-39165. PoCs published by W0rty, manbolq. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a functional Python exploit for CVE-2021-39165, a SQL injection vulnerability in Cachet versions prior to 2.3.18 and 2.4.0-dev. The exploit automates the extraction of user passwords via time-based SQL injection.

Description

Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. The original repository of Cachet <https://github.com/CachetHQ/Cachet> is not active, the stable version 2.3.18 and it's developing 2.4 branch is affected.

Exploits (2)

nomisec WORKING POC 22 stars

by W0rty · poc

https://github.com/W0rty/CVE-2021-39165

View Code ZIP pw:eip

This repository contains a functional Python exploit for CVE-2021-39165, a SQL injection vulnerability in Cachet versions prior to 2.3.18 and 2.4.0-dev. The exploit automates the extraction of user passwords via time-based SQL injection.

Classification

Working Poc 100%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Cachet prior to 2.3.18 and 2.4.0-dev

No auth needed

Prerequisites: Target URL · Valid user account (default: admin)

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC

by manbolq · poc

https://github.com/manbolq/CVE-2021-39165

View Code ZIP pw:eip

This repository contains a functional Python exploit for CVE-2021-39165, a time-based SQL injection vulnerability in CachetHQ. The exploit includes both vulnerability checking and arbitrary SQL query execution capabilities.

Classification

Working Poc 100%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: CachetHQ

No auth needed

Prerequisites: Target URL · Network access to the vulnerable CachetHQ instance

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Nuclei Templates (1)

Cachet <=2.3.18 - SQL Injection

MEDIUMVERIFIEDby tess

Shodan: http.favicon.hash:-1606065523

FOFA: icon_hash=-1606065523

References (2)

Core 2

Core References

Third Party Advisory x_refsource_confirm

https://github.com/fiveai/Cachet/security/advisories/GHSA-79mg-4w23-4fqc

Patch, Third Party Advisory x_refsource_misc

https://github.com/fiveai/Cachet/commit/27bca8280419966ba80c6fa283d985ddffa84bb6

View Patch ZIP pw:eip

Scores

CVSS v3 8.1

EPSS 0.8041

EPSS Percentile 99.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-287 CWE-89

Status published

Products (2)

cachethq/cachet 0Packagist

chachethq/cachet < 2.3.18

Published Aug 26, 2021

Tracked Since Feb 18, 2026