PT-2024-5186 · Cacti+3

Egidioromano · Published 2020-03-15 · Updated 2026-01-20 · CVE-2024-25641

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.27
Description: Cacti provides an operational monitoring and fault management framework. An arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users with the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located in the import_package() function defined in the /lib/import.php script. This function blindly trusts the filename and file content supplied in the package XML and writes those files into the Cacti base path, which can lead to execution of arbitrary PHP code or other security impacts.
Recommendations: For versions prior to 1.2.27, update to version 1.2.27 or later to resolve the issue. As a temporary workaround, consider disabling the import_package() function or restricting access to the "Package Import" feature until the patch is applied. Additionally, restrict access to the /lib/import.php script to minimize the risk of exploitation. Avoid granting the "Import Templates" permission to non-essential users until the issue is resolved.
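The description above hinges on import_package() trusting the filename carried in the package XML. As an added hardening example (not Cacti's code), the hypothetical package_write_target() function below shows the checks such an import routine needs before writing a package-supplied file under the base path; the base path, the allow-listed directories and the allow-listed extensions are assumed values, not Cacti's policy.

```php
<?php
// Added example, not Cacti's code: the checks an import routine needs before
// writing a file whose name came from package XML. package_write_target(),
// $base, $allowed_dirs and $allowed_ext are hypothetical/assumed names and policy.

/**
 * Return the absolute destination for a package-supplied filename, or null
 * if the name must be rejected (traversal, absolute path, unexpected
 * directory, executable extension, or escape from the base path).
 */
function package_write_target(string $base, array $allowed_dirs, string $name): ?string
{
    // 1. Syntactic allow-list: relative path, each component starting with an
    //    alphanumeric or underscore, so '.', '..' and dotfiles never pass.
    $comp = '[A-Za-z0-9_][A-Za-z0-9_.-]*';
    if (!preg_match('#\A' . $comp . '(/' . $comp . ')*\z#', $name)) {
        return null;
    }
    // 2. Extension allow-list; anything the web server might execute is out.
    $allowed_ext = ['xml', 'pl', 'py', 'sh', 'txt'];   // assumed policy
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed_ext, true) || stripos($name, '.php') !== false) {
        return null;
    }
    // 3. Directory allow-list: the package may only target listed subdirectories.
    $dir = dirname($name);                    // '.' when the name has no directory
    if (!in_array($dir, $allowed_dirs, true)) {
        return null;
    }
    // 4. Containment: canonicalize and confirm the target is still under $base.
    $real_base = realpath($base);
    $real_dir  = realpath($base . '/' . $dir);
    if ($real_base === false || $real_dir === false
        || strncmp($real_dir . '/', $real_base . '/', strlen($real_base) + 1) !== 0) {
        return null;
    }
    return $real_dir . '/' . basename($name);
}

// Demonstration against a constructed temporary base path (not a real install).
$base = sys_get_temp_dir() . '/cacti_demo_' . getmypid();
mkdir($base . '/scripts', 0700, true);
foreach (['scripts/poller.pl', '../index.php', 'scripts/../include/x.php',
          'scripts/.htaccess', 'scripts/hello.php', 'scripts/note.phP.txt'] as $n) {
    printf("%-28s %s\n", $n, package_write_target($base, ['scripts'], $n) ?? 'REJECTED');
}
rmdir($base . '/scripts');
rmdir($base);
```

Only the first constructed name is accepted; the other five are rejected by steps 1, 2 or 3 before any path reaches the filesystem.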

Tags: Exploit · Fix · LPE · RCE

Related Identifiers

ALT-PU-2020-1488
ALT-PU-2020-3394
ALT-PU-2020-3430
ALT-PU-2021-2264
ALT-PU-2023-4394
ALT-PU-2023-4396
ALT-PU-2023-5196
ALT-PU-2023-7619
ALT-PU-2023-7621
ALT-PU-2023-8407
ALT-PU-2024-1003
ALT-PU-2024-14329
ALT-PU-2024-14440
ALT-PU-2024-17822
ALT-PU-2024-7120
ALT-PU-2025-1813
BDU:2024-05742
CVE-2024-25641
DLA-3884-1
GHSA-7CMJ-G5QC-PJ88
OPENSUSE-SU-2024:0274-1
OPENSUSE-SU-2024:0276-1
OPENSUSE-SU-2024:13962-1
USN-6969-1

Affected Products

Alt Linux
Cacti
Linuxmint
Ubuntu