CVE-2025-26520

High CVSS: 7.6

Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146.

Vendor

Cacti

Product

Cacti

CWE

CWE-89

Yayın Tarihi

2025-02-12 07:15:08

Güncelleme

2025-03-03 14:52:47

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-89 Cacti HIGH Cacti 2025

Referanslar

https://github.com/Cacti/cacti/commit/7fa60c03ad4a69c701ac6b77c85a8927df7acd51 https://github.com/Cacti/cacti/pull/6096

Benzer Kayıtlar

High

CVE-2025-66399

Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw i…

High

CVE-2005-10004

Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authen…

High

CVE-2025-24367

Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation…

Medium

CVE-2025-24368

Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php…

Critical

CVE-2025-22604

Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, auth…

Medium

CVE-2024-54145

Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_d…