Description
Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `managers.php`. An authenticated attacker with the "Settings/Utilities" permission can send a crafted HTTP GET request to the endpoint `/cacti/managers.php` with an SQLi payload in the `selected_graphs_array` HTTP GET parameter. As of the time of publication, no patched versions exist.
References (3)
Mailing List, Third Party Advisory: https://lists.fedoraproject.org/archives/list/[email protected]/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
Exploit, Vendor Advisory: https://github.com/Cacti/cacti/security/advisories/GHSA-w85f-7c4w-7594
Exploit, Vendor Advisory: https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/managers.php#L941
Scores
CVSS v3: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.3208 (96.8th percentile)
Attack Vector: NETWORK
Details
CWE: CWE-89
Status: published
Products (1): cacti/cacti 1.2.25
Published: Dec 22, 2023
Tracked Since: Feb 18, 2026