U32I

**Name of the Vulnerable Software and Affected Versions** Cacti versions prior to 1.2.29 Cacti versions prior to 1.2.24+ds1-1+deb12u5 Cacti versions prior to 1.2.16+ds1-2+deb11u5 **Description** Cacti, a web interface for graphing of monitoring systems, contains a critical flaw in its multi-line SNMP result parser. This allows authenticated users to inject malformed Object Identifier (OID) values in SNMP responses. When processed by the `ss net snmp disk io()` or `ss net snmp disk bytes()` functions, a portion of each OID is used as a key in an array that is then used as part of a system command, leading to remote code execution. Approximately 179,000 instances of Cacti are discoverable online. **Recommendations** Upgrade to Cacti version 1.2.29 or later. Upgrade to Cacti version 1.2.24+ds1-1+deb12u5 or later. Upgrade to Cacti version 1.2.16+ds1-2+deb11u5 or later.

**Name of the Vulnerable Software and Affected Versions** GNU Global versions 6.6.12 and earlier **Description** The issue allows code execution in situations where `dbpath` (also known as `-d`) is untrusted, because shell metacharacters may be used. This can lead to execution of code when `dbpath` is not trusted. **Recommendations** For GNU Global versions 6.6.12 and earlier, as a temporary workaround, consider restricting the use of the `dbpath` parameter to minimize the risk of exploitation. Avoid using untrusted input for the `dbpath` parameter until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** InstantCMS version 2.16.2 **Description** A SQL injection issue affects the application, allowing an attacker with administrative privileges to execute unauthorized SQL code. The vulnerability exists in the `index chart data` action, which receives user input and passes it unsanitized to the core model `filterFunc` function, embedding this data in an SQL statement. This enables attackers to inject unwanted SQL code into the statement. The `period` variable should be escaped before inserting it into the query. **Recommendations** As a temporary workaround, consider disabling the `index chart data` action until a patch is available. Restrict access to the `filterFunc` function to minimize the risk of exploitation. Avoid using the `period` variable in the affected SQL statement until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Astropy version 5.3.2 **Description** The issue is related to remote code execution due to improper input validation in the `TranformGraph().to dot graph` function. A malicious user can provide a command or a script file as a value to the `savelayout` argument, which will be placed as the first value in a list of arguments passed to `subprocess.Popen`. Although an error will be raised, the command or script will be executed successfully. **Recommendations** For version 5.3.2, update to version 5.3.3 to fix the issue. As a temporary workaround, consider restricting the use of the `TranformGraph().to dot graph` function or limiting access to the `savelayout` argument to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** Akaunting versions 3.1.3 and earlier **Description** An OS command injection issue exists, allowing an attacker to manipulate the company locale during app installation to execute system commands on the hosting server. **Recommendations** For versions 3.1.3 and earlier, update to a version later than 3.1.3 to resolve the issue. As a temporary workaround, consider restricting the ability to install apps or manipulate the company locale to minimize the risk of exploitation.