CVE-2025-26520

CVE-2025-26520

Name

CVE-2025-26520

Description

Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
cve@mitre.org	https://github.com/Cacti/cacti/commit/7fa60c03ad4a69c701ac6b77c85a8927df7acd51
cve@mitre.org	https://github.com/Cacti/cacti/pull/6096

Type

URI

cve@mitre.org

https://github.com/Cacti/cacti/commit/7fa60c03ad4a69c701ac6b77c85a8927df7acd51

cve@mitre.org

https://github.com/Cacti/cacti/pull/6096

CPE URI	Source package	Min version	Max version
	cacti	>= 0	<= 1.2.29

CPE URI

Source package

Min version

Max version

cacti

>= 0

<= 1.2.29

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
cacti	edge-community	1.2.29-r0	None	possibly vulnerable
cacti	edge-community	1.2.28-r1	None	possibly vulnerable
cacti	edge-community	1.2.28-r0	Jeff Bilyk <jbilyk@gmail.com>	possibly vulnerable
cacti	edge-community	1.2.27-r0	Jeff Bilyk <jbilyk@gmail.com>	possibly vulnerable
cacti	edge-community	1.2.26-r0	Jeff Bilyk <jbilyk@gmail.com>	possibly vulnerable
cacti	edge-community	1.2.25-r0	Jeff Bilyk <jbilyk@gmail.com>	possibly vulnerable
cacti	edge-community	1.2.20-r0	Jeff Bilyk <jbilyk@gmail.com>	possibly vulnerable
cacti	edge-community	1.2.17-r0	Jeff Bilyk <jbilyk@gmail.com>	possibly vulnerable
cacti	edge-community	1.2.13-r0	None	possibly vulnerable
cacti	edge-community	1.2.8-r0	None	possibly vulnerable
cacti	3.22-community	1.2.29-r0	None	possibly vulnerable
cacti	3.22-community	1.2.28-r0	None	possibly vulnerable
cacti	3.22-community	1.2.27-r0	None	possibly vulnerable
cacti	3.22-community	1.2.26-r0	None	possibly vulnerable
cacti	3.22-community	1.2.25-r0	None	possibly vulnerable
cacti	3.22-community	1.2.20-r0	None	possibly vulnerable
cacti	3.22-community	1.2.17-r0	None	possibly vulnerable
cacti	3.22-community	1.2.13-r0	None	possibly vulnerable
cacti	3.22-community	1.2.8-r0	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

cacti

edge-community

1.2.29-r0

None

possibly vulnerable

cacti

edge-community