CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-54145: Cacti has a SQL Injection vulnerability when request automation devices

6.3 CVSS

Description

Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29.

Classification

CVE ID: CVE-2024-54145

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.3

Affected Products

Vendor: Cacti

Product: cacti

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.72% (scored less or equal to compared to others)

EPSS Date: 2025-02-25 (when was this score calculated)

References

https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp
https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0

Timeline

2025-01-28 00:30:24 UTC
CVE

Cacti has a SQL Injection vulnerability when request automation devices