CVEs-PoC/2021/CVE-2021-39165.md

### [CVE-2021-39165](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39165)
![](https://img.shields.io/static/v1?label=Product&message=Cachet&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%3D%202.3.18%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%3A%20Improper%20Authentication&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brightgreen)

### Description

Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. The original repository of Cachet <https://github.com/CachetHQ/Cachet> is not active, the stable version 2.3.18 and it's developing 2.4 branch is affected.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/SYRTI/POC_to_review
- https://github.com/W0rty/CVE-2021-39165
- https://github.com/WhooAmii/POC_to_review
- https://github.com/hadrian3689/cachet_2.4.0-dev
- https://github.com/manbolq/CVE-2021-39165
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/soosmile/POC
- https://github.com/trhacknon/Pocingit
- https://github.com/zecool/cve