CVE-2024-54146

CVE-2024-54146

Name

CVE-2024-54146

Description

Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the template function of host_templates.php using the graph_template parameter. This vulnerability is fixed in 1.2.29.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
CONFIRM	https://github.com/Cacti/cacti/security/advisories/GHSA-vj9g-p7f2-4wqj

Type

URI

MISC

https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0

CONFIRM

https://github.com/Cacti/cacti/security/advisories/GHSA-vj9g-p7f2-4wqj

CPE URI	Source package	Min version	Max version
	cacti	>= 0	< 1.2.29
`cpe:2.3:a:cacti:cacti::::::::`	cacti	>= None	< 1.2.29

CPE URI

Source package

Min version

Max version

cacti

>= 0

< 1.2.29

cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*

cacti

>= None

< 1.2.29

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
cacti	edge-community	1.2.28-r1	None	possibly vulnerable
cacti	edge-community	1.2.28-r0	Jeff Bilyk <jbilyk@gmail.com>	possibly vulnerable
cacti	edge-community	1.2.27-r0	Jeff Bilyk <jbilyk@gmail.com>	possibly vulnerable
cacti	edge-community	1.2.26-r0	Jeff Bilyk <jbilyk@gmail.com>	possibly vulnerable
cacti	edge-community	1.2.25-r0	Jeff Bilyk <jbilyk@gmail.com>	possibly vulnerable
cacti	edge-community	1.2.20-r0	Jeff Bilyk <jbilyk@gmail.com>	possibly vulnerable
cacti	edge-community	1.2.17-r0	Jeff Bilyk <jbilyk@gmail.com>	possibly vulnerable
cacti	edge-community	1.2.13-r0	None	possibly vulnerable
cacti	edge-community	1.2.8-r0	None	possibly vulnerable
cacti	3.22-community	1.2.28-r0	None	possibly vulnerable
cacti	3.22-community	1.2.27-r0	None	possibly vulnerable
cacti	3.22-community	1.2.26-r0	None	possibly vulnerable
cacti	3.22-community	1.2.25-r0	None	possibly vulnerable
cacti	3.22-community	1.2.20-r0	None	possibly vulnerable
cacti	3.22-community	1.2.17-r0	None	possibly vulnerable
cacti	3.22-community	1.2.13-r0	None	possibly vulnerable
cacti	3.22-community	1.2.8-r0	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

cacti

edge-community

1.2.28-r1

None

possibly vulnerable

cacti

edge-community