Описание
Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| cacti | fixed | 1.2.30+ds1-1 | package | |
| cacti | not-affected | bookworm | package | |
| cacti | not-affected | bullseye | package |
Примечания
Proposed fix: https://github.com/Cacti/cacti/pull/6096
Fixed by: https://github.com/Cacti/cacti/commit/7fa60c03ad4a69c701ac6b77c85a8927df7acd51 (release/1.2.30)
EPSS
Связанные уязвимости
Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146.
Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146.
Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146.
Уязвимость функции шаблона в host_templates.php программного средства мониторинга сети Cacti, позволяющая нарушителю получить доступ к конфиденциальным данным
EPSS