CVE-2025-24368

Medium CVSS: 6.9

Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in build_rule_item_filter() function from lib/api_automation.php, resulting in SQL injection. This vulnerability is fixed in 1.2.29.

Vendor

Cacti

Product

Cacti

CWE

CWE-89

Yayın Tarihi

2025-01-27 18:15:42

Güncelleme

2025-11-03 22:18:40

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-89 Cacti MEDIUM Cacti 2025

Referanslar

https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0 https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c

Benzer Kayıtlar

High

CVE-2025-66399

Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw i…

High

CVE-2005-10004

Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authen…

High

CVE-2025-26520

Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template paramete…

High

CVE-2025-24367

Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation…

Critical

CVE-2025-22604

Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, auth…

Medium

CVE-2024-54145

Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_d…