CVE-2021-39165

HIGH NUCLEI

Chachethq Cachet < 2.3.18 - Authentication Bypass

Title source: rule

Description

Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. The original repository of Cachet <https://github.com/CachetHQ/Cachet> is not active, the stable version 2.3.18 and it's developing 2.4 branch is affected.

Exploits (2)

nomisec WORKING POC 22 stars

by W0rty · poc

https://github.com/W0rty/CVE-2021-39165

View Code ZIP pw:eip

nomisec WORKING POC

by manbolq · poc

https://github.com/manbolq/CVE-2021-39165

View Code ZIP pw:eip

Nuclei Templates (1)

Cachet <=2.3.18 - SQL Injection

MEDIUMVERIFIEDby tess

Shodan: http.favicon.hash:-1606065523

FOFA: icon_hash=-1606065523

References (2)

[Patch, Third Party Advisory] https://github.com/fiveai/Cachet/commit/27bca8280419966ba80c6fa283d985ddffa84bb6

[Third Party Advisory] https://github.com/fiveai/Cachet/security/advisories/GHSA-79mg-4w23-4fqc

Scores

CVSS v3 8.1

EPSS 0.8938

EPSS Percentile 99.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-287 CWE-89

Status published

Products (2)

cachethq/cachet 0Packagist

chachethq/cachet < 2.3.18

Published Aug 26, 2021

Tracked Since Feb 18, 2026