CVE-2021-39165— Unauthenticated SQL Injection
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-39165
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unauthenticated SQL Injection
Source: NVD (National Vulnerability Database)
Vulnerability Description
Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. The original repository of Cachet <https://github.com/CachetHQ/Cachet> is not active, the stable version 2.3.18 and it's developing 2.4 branch is affected.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
认证机制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Github Cachet SQL注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Github Cachet是一个应用软件。一个开源状态页面系统。 Cachet 2.3.18之前版本存在SQL注入漏洞,未经身份验证的攻击者可以利用此漏洞从数据库中窃取敏感数据,例如管理员密码和会话。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
II. Public POCs for CVE-2021-39165
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | Github repository which contains a functional exploit for CVE-2021-39165 | https://github.com/W0rty/CVE-2021-39165 | POC Details |
| 2 | Python3 POC for CVE-2021-39165 in CachetHQ | https://github.com/manbolq/CVE-2021-39165 | POC Details |
| 3 | Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. The original repository of Cachet <https://github.com/CachetHQ/Cachet> is not active, the stable version 2.3.18 and it's developing 2.4 branch is affected. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-39165.yaml | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-39165
请登录查看更多情报信息。
- https://github.com/fiveai/Cachet/security/advisories/GHSA-79mg-4w23-4fqcx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2021-39165
IV. Related Vulnerabilities
Same weakness: CWE-287
- CVE-2026-8244
Industrial Application Software IAS Canias ERP Login RMI imp - CVE-2026-8216
Industrial Application Software IAS Canias ERP Java RMI Sess - CVE-2026-8214
Industrial Application Software IAS Canias ERP RMI doAction - CVE-2026-42560
auth: Patreon provider assigns the same local user ID to eve - CVE-2026-41070
openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, all
V. Comments for CVE-2021-39165
No comments yet