1. Home
  2. Vulnerabilities
  3. CVE-2024-31458

CVE-2024-31458

CVSS v3.1 4.6 (Medium)
46% Progress
EPSS 0.04 % (10th)
0.04% Progress
Advisories 3
NVD Status Awaiting Analysis
Info CVSS EPSS CAPEC References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in form_save() function in graph_template_inputs.php is not thoroughly checked and is used to concatenate the SQL statement in draw_nontemplated_fields_graph_item() function from lib/html_form_templates.php , finally resulting in SQL injection. Version 1.2.27 contains a patch for the issue.

Weaknesses
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE Status
PUBLISHED
NVD Status
Awaiting Analysis
CNA
GitHub, Inc.
Published Date
2024-05-14 15:25:25
(4 months ago)
Updated Date
2024-06-10 17:16:26
(3 months ago)