Ishgard-2

**Name of the Vulnerable Software and Affected Versions** Cacti versions prior to 1.2.29 **Description** The issue is related to the `build rule item filter()` function in the `api automation.php` script of the Cacti network monitoring tool, which fails to properly protect the SQL query structure. This can allow a remote attacker to execute arbitrary code. The vulnerability is caused by the concatenation of SQL statements using unchecked data from `automation tree rules.php`. **Recommendations** For versions prior to 1.2.29, update to version 1.2.29 to resolve the issue. As a temporary workaround, consider restricting access to the `build rule item filter()` function in `lib/api automation.php` until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Cacti version 1.2.25 **Description** The issue is related to insufficient protection of the web page structure in the Cacti network monitoring tool. This allows a remote attacker to conduct cross-site scripting attacks and gain unauthorized access to read, modify, or delete data. The vulnerability is found in the `templates import.php` file and can be exploited when uploading an XML template file that does not pass the check, resulting in a JavaScript pop-up prompt with an unfiltered XML template file name, leading to XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users, potentially leading to unauthorized changes to settings. **Recommendations** As a temporary workaround, consider disabling the `templates import.php` function until a patch is available. Restrict access to the `templates import.php` file to minimize the risk of exploitation. Avoid using unfiltered XML template file names in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cacti version 1.2.25 **Description** The issue allows a remote attacker to obtain sensitive information via the `form actions()` function in the `managers.php` file. **Recommendations** For Cacti version 1.2.25, consider disabling the `form actions()` function in the `managers.php` file as a temporary workaround until a patch is available. Restrict access to the `managers.php` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cacti versions prior to 1.2.27 **Description** The issue is related to the `form save()` function in Cacti, which lacks proper validation of XML object sequences, allowing a remote attacker to execute arbitrary SQL queries. This is due to some data stored in the `form save()` function being used to concatenate SQL statements in the `draw nontemplated fields graph item()` function, resulting in SQL injection. **Recommendations** For versions prior to 1.2.27, update to version 1.2.27 or later, which contains a patch for the issue. As a temporary workaround, consider restricting access to the `form save()` function and the `draw nontemplated fields graph item()` function from `lib/html form templates.php` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Cacti versions prior to 1.2.27 **Description** Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation tree rules.php` is not thoroughly checked and is used to concatenate the SQL statement in `create all header nodes()` function from `lib/api automation.php`, finally resulting in SQL injection. Using SQL based secondary injection technology, attackers can modify the contents of the Cacti database, and based on the modified content, it may be possible to achieve further impact, such as arbitrary file reading, and even remote code execution through arbitrary file writing. **Recommendations** To resolve the issue, update to version 1.2.27 or later, as it contains a patch for the issue. As a temporary workaround, consider restricting access to the `create all header nodes()` function and the `automation tree rules.php` file to minimize the risk of exploitation. Additionally, avoid using the vulnerable SQL statement concatenation in the `lib/api automation.php` file until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.27 Description: Cacti provides an operational monitoring and fault management framework. The issue arises from the `automation tree rules form save()` function in `automation tree rules.php`, where some data is not thoroughly checked and is used to concatenate the HTML statement in the `form confirm()` function from `lib/html.php`, resulting in cross-site scripting. Recommendations: For versions prior to 1.2.27, update to version 1.2.27 or later, as it contains a patch for the issue. As a temporary workaround, consider disabling the `automation tree rules form save()` function until a patch is available. Restrict access to the `automation tree rules.php` file to minimize the risk of exploitation. Avoid using the `form confirm()` function from `lib/html.php` with unverified data until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.27 Description: Cacti provides an operational monitoring and fault management framework. The issue arises from the `form save()` function in `data queries.php`, where some stored data is not thoroughly checked and is used to concatenate the HTML statement in the `grow right pane tree()` function from `lib/html.php`, resulting in cross-site scripting. Recommendations: For versions prior to 1.2.27, update to version 1.2.27 or later, which contains a patch for the issue. As a temporary workaround, consider disabling the `form save()` function in `data queries.php` until a patch is available. Restrict access to the `grow right pane tree()` function from `lib/html.php` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Cacti versions prior to 1.2.27 **Description** Cacti provides an operational monitoring and fault management framework. It contains a residual cross-site scripting issue. **Recommendations** For versions prior to 1.2.27, update to version 1.2.27 or later to resolve the issue.