CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-54146: Cacti has a SQL Injection vulnerability when view host template

7.6 CVSS

Description

Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the template function of host_templates.php using the graph_template parameter. This vulnerability is fixed in 1.2.29.

Classification

CVE ID: CVE-2024-54146

CVSS Base Severity: HIGH

CVSS Base Score: 7.6

Affected Products

Vendor: Cacti

Product: cacti

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.72% (scored less or equal to compared to others)

EPSS Date: 2025-02-25 (when was this score calculated)

References

https://github.com/Cacti/cacti/security/advisories/GHSA-vj9g-p7f2-4wqj
https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0

Timeline