CVE-2024-54146

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.29

Description Cacti is an open source performance and fault management framework. It has a SQL injection vulnerability in the template function of host templates.php using the graph template parameter. This issue allows a remote attacker to execute arbitrary code due to inadequate protection of the SQL query structure.

Recommendations For versions prior to 1.2.29, update to version 1.2.29 or later to resolve the issue. As a temporary workaround, consider restricting access to the host templates.php template function until a patch is available. Avoid using the graph template parameter in the affected template function until the issue is resolved.