CVE-2024-54145

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.29

Description Cacti is an open source performance and fault management framework. It has a SQL injection vulnerability in the get discovery results function of automation devices.php using the network parameter. This vulnerability may allow a remote attacker to execute arbitrary code.

Recommendations For versions prior to 1.2.29, update to version 1.2.29 or later to resolve the issue. As a temporary workaround, consider restricting access to the automation devices.php file or disabling the get discovery results function until a patch is available. Avoid using the network parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

RCE

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

ALT-PU-2025-3834

ALT-PU-2025-5333

BDU:2025-00976

CVE-2024-54145

DLA-4048-1

DSA-5862-1

GHSA-FH3X-69RR-QQPP

Affected Products

Alt Linux

Cacti

CVE-2024-54145

Weakness Enumeration

Related Identifiers

Affected Products

References · 17