CVE-2024-31458
CVSS v3.1
4.6 (Medium)
EPSS
0.04 % (10th)
Advisories
3
NVD Status
Awaiting Analysis
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in form_save()
function in graph_template_inputs.php
is not thoroughly checked and is used to concatenate the SQL statement in draw_nontemplated_fields_graph_item()
function from lib/html_form_templates.php
, finally resulting in SQL injection. Version 1.2.27 contains a patch for the issue.
Weaknesses
- CWE-89
- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- CVE Status
- PUBLISHED
- NVD Status
- Awaiting Analysis
- CNA
- GitHub, Inc.
- Published Date
-
2024-05-14 15:25:25
(4 months ago) - Updated Date
-
2024-06-10 17:16:26
(3 months ago)
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...