1.2.28

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

cacti

critical

NVD

Published: 2025-02-12

Updated: 2025-02-12

Summary

Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146.

Vulnerable Configurations

Part	Description	Count
Application	Cacti Cacti Cacti 1.2.27 Cacti Cacti 1.2.28	2

References

https://github.com/Cacti/cacti/commit/7fa60c03ad4a69c701ac6b77c85a8927df7acd51
https://github.com/Cacti/cacti/pull/6096