Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2024-31445

Опубликовано: 14 мая 2024
Источник: ubuntu
Приоритет: medium
EPSS Средний
CVSS3: 8.8

Описание

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in automation_get_new_graphs_sql function of api_automation.php allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. In api_automation.php line 856, the get_request_var('filter') is being concatenated into the SQL statement without any sanitization. In api_automation.php line 717, The filter of 'filter' is FILTER_DEFAULT, which means there is no filter for it. Version 1.2.27 contains a patch for the issue.

РелизСтатусПримечание
devel

not-affected

1.2.27+ds1-2
esm-apps/bionic

released

1.1.38+ds1-1ubuntu0.1~esm3
esm-apps/focal

released

1.2.10+ds1-1ubuntu1.1
esm-apps/jammy

released

1.2.19+ds1-2ubuntu1.1
esm-apps/noble

released

1.2.26+ds1-1ubuntu0.1
esm-apps/xenial

not-affected

code not present
esm-infra-legacy/trusty

not-affected

code not present
focal

released

1.2.10+ds1-1ubuntu1.1
jammy

released

1.2.19+ds1-2ubuntu1.1
mantic

ignored

end of life, was needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 97%
0.39471
Средний

8.8 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2024-31445

CVSS3: 8.8
nvd
больше 1 года назад

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. In `api_automation.php` line 856, the `get_request_var('filter')` is being concatenated into the SQL statement without any sanitization. In `api_automation.php` line 717, The filter of `'filter'` is `FILTER_DEFAULT`, which means there is no filter for it. Version 1.2.27 contains a patch for the issue.

debian логотип

CVE-2024-31445

CVSS3: 8.8
debian
больше 1 года назад

Cacti provides an operational monitoring and fault management framewor ...

fstec логотип

BDU:2024-04180

CVSS3: 8.8
fstec
больше 1 года назад

Уязвимость функции automation_get_new_graphs_sql программного средства мониторинга сети Cacti, позволяющая нарушителю выполнять произвольные SQL-запросы

suse-cvrf логотип

openSUSE-SU-2024:0276-1

suse-cvrf
больше 1 года назад

Security update for cacti, cacti-spine

suse-cvrf логотип

openSUSE-SU-2024:0274-1

suse-cvrf
больше 1 года назад

Security update for cacti, cacti-spine

EPSS

Процентиль: 97%
0.39471
Средний

8.8 High

CVSS3