CVE Daily – Cachet https://cvedaily.com/pages/tags/cachet.html CVE Daily – Cachet en Wed, 03 Jun 2026 21:27:08 +0000 [High] CVE-2023-43661 – Cachet, the open-source status page system. Prior to the 2.4 branch, a template ... https://nvd.nist.gov/vuln/detail/CVE-2023-43661 https://nvd.nist.gov/vuln/detail/CVE-2023-43661 Wed, 11 Oct 2023 20:15:10 +0000 High CVE-2023-43661

Cachet, the open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server during the bad filtration and old twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch contains a patch for this issue.

CVSS: 8.8 · CWE: CWE-94

View on NVD

]]> [High] CVE-2021-39174 – Cachet is an open source status page system. Prior to version 2.5.1, authenticat... https://nvd.nist.gov/vuln/detail/CVE-2021-39174 https://nvd.nist.gov/vuln/detail/CVE-2021-39174 Sat, 28 Aug 2021 00:15:06 +0000 High CVE-2021-39174

Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (`APP_KEY`) and various passwords (email, database, etc). This issue was addressed in version 2.5.1 by improving `UpdateConfigCommandHandler` and preventing the use of…

CVSS: 8.8 · CWE: CWE-75

View on NVD

]]> [High] CVE-2021-39173 – Cachet is an open source status page system. Prior to version 2.5.1 authenticate... https://nvd.nist.gov/vuln/detail/CVE-2021-39173 https://nvd.nist.gov/vuln/detail/CVE-2021-39173 Fri, 27 Aug 2021 23:15:06 +0000 High CVE-2021-39173

Cachet is an open source status page system. Prior to version 2.5.1 authenticated users, regardless of their privileges (User or Admin), can trick Cachet and install the instance again, leading to arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving the middleware `ReadyForUse`, which now performs a stricter validation of the instance name. As a workaroun…

CVSS: 8.8 · CWE: CWE-704

View on NVD

]]> [High] CVE-2021-39172 – Cachet is an open source status page system. Prior to version 2.5.1, authenticat... https://nvd.nist.gov/vuln/detail/CVE-2021-39172 https://nvd.nist.gov/vuln/detail/CVE-2021-39172 Fri, 27 Aug 2021 23:15:06 +0000 High CVE-2021-39172

Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition feature (e.g. mail settings) and gain arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving `UpdateConfigCommandHandler` and preventing the use of new lines c…

CVSS: 8.8 · CWE: CWE-93

View on NVD

]]> [High] CVE-2021-39165 – Cachet is an open source status page. With Cachet prior to and including 2.3.18,... https://nvd.nist.gov/vuln/detail/CVE-2021-39165 https://nvd.nist.gov/vuln/detail/CVE-2021-39165 Thu, 26 Aug 2021 21:15:10 +0000 High CVE-2021-39165

Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. The original repository of Cachet is not active, t…

CVSS: 8.1 · CWE: CWE-89

View on NVD

]]>