SB2024060301 - Multiple vulnerabilities in Cacti

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024060301

SB2024060301 - Multiple vulnerabilities in Cacti

Published: June 3, 2024 Updated: March 18, 2025

Security Bulletin ID SB2024060301
Severity
Medium
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 30% Low 70%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 10 secuirty vulnerabilities.


1) Cross-site scripting (CVE-ID: CVE-2024-29894)

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within the raise_message_javascript() function from lib/functions.php. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Note, the vulnerability exists due to incomplete fix for #VU84815 (CVE-2023-50250).


2) Code Injection (CVE-ID: CVE-2024-25641)

The vulnerability allows a remote user to execute arbitrary PHP code on the target system.

The vulnerability exists due to improper input validation within the "Package Import" feature. A remote privileged user can send a specially crafted request and execute arbitrary PHP code on the target server.



3) SQL injection (CVE-ID: CVE-2024-31445)

The vulnerability allows a remote user to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data within the automation_get_new_graphs_sql() function of api_automation.php. A remote user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.


4) Stored cross-site scripting (CVE-ID: CVE-2024-27082)

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


5) PHP file inclusion (CVE-ID: CVE-2024-31459)

The vulnerability allows a remote user to include and execute arbitrary PHP files on the server.

The vulnerability exists due to incorrect input validation when including PHP files within the api_plugin_hook() function in the lib/plugin.php. A remote user can combine a SQL injection vulnerability #VU90699 (CVE-2024-31460) to include and execute arbitrary PHP code on the server.


6) SQL injection (CVE-ID: CVE-2024-31460)

The vulnerability allows a remote user to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data within the automation_tree_rules_form_save() function in automation_tree_rules.php. A remote user can store  a specially crafted payload in database, which is later executed in lib/api_automation.php, and execute arbitrary SQL commands within the application database.


7) SQL injection (CVE-ID: CVE-2024-31458)

The vulnerability allows a remote user to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data within the form_save() function in graph_template_inputs.php. A remote user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.


8) Cross-site scripting (CVE-ID: CVE-2024-31444)

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within the automation_tree_rules_form_save() function in automation_tree_rules.php. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


9) Cross-site scripting (CVE-ID: CVE-2024-31443)

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within the form_save() function in data_queries.php. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


10) Improper Authentication (CVE-ID: CVE-2024-34340)

The vulnerability allows a remote user to bypass authentication process.

The vulnerability exists due to an error in the compat_password_verify() function when comparing older MD5 hashes. A remote user can bypass authentication process and gain unauthorized access to the application.


Remediation

Install update from vendor's website.

References