012Git012

**Name of the Vulnerable Software and Affected Versions** Cacti versions 1.2.25 and prior **Description** The issue is related to a lack of protection in the SQL query structure of the Cacti network monitoring tool, specifically in the `pollers.php` script. This allows an authorized user to execute arbitrary SQL code, potentially leading to the execution of arbitrary code by a remote attacker. The vulnerable component is the `pollers.php` script. The impact of this issue is the execution of arbitrary SQL code. **Recommendations** For versions 1.2.25 and prior, consider disabling the `pollers.php` script as a temporary workaround until a patch is available. Restrict access to the `pollers.php` script to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cacti (affected versions not specified) **Description** The issue is related to incorrect handling of file names for PHP include or require functions in the link.php component, allowing an attacker to execute arbitrary code on the server. This can be achieved through SQL Injection and insufficient processing of the include file path. The exploitation of this issue is possible for an authorized user, and its impact is the execution of arbitrary code on the server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cacti versions prior to 1.2.27 **Description** The issue is related to the lack of protection of the web page structure, allowing a remote attacker to conduct a cross-site scripting (XSS) attack and execute arbitrary code. The vulnerable component is the `graphs new.php` file. Exploitation of the vulnerability is possible for an authorized user, leading to the execution of arbitrary JavaScript code in the attacked user's browser. **Recommendations** For versions prior to 1.2.27, update to version 1.2.27 to resolve the issue. As a temporary workaround, consider restricting access to the `graphs new.php` file until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Cacti versions prior to 1.2.27 **Description** Cacti provides an operational monitoring and fault management framework. There is a file inclusion issue in the `lib/plugin.php` file, specifically with the `api plugin hook()` function, which reads the `plugin hooks` and `plugin config` tables in the database. The read data is directly used to concatenate the file path, which is used for file inclusion. Combined with SQL injection vulnerabilities, remote code execution can be implemented. **Recommendations** For versions prior to 1.2.27, update to version 1.2.27 or later, which contains a patch for the issue. As a temporary workaround, consider disabling the `api plugin hook()` function in the `lib/plugin.php` file until a patch is available. Restrict access to the `lib/plugin.php` file to minimize the risk of exploitation.