CVSS3: 8 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
AI Score: 7.6 High (Confidence: Low)
EPSS: 0.0004 Low (Percentile: 15.7%)
Cacti provides an operational monitoring and fault management framework.
Prior to version 1.2.27, there is a file inclusion issue in the lib/plugin.php
file. Combined with SQL injection vulnerabilities, it can lead to remote code
execution. The issue is in the api_plugin_hook() function in lib/plugin.php,
which reads the plugin_hooks and plugin_config tables in the database. The data
read from these tables is used directly to build the file path that is then
included. Version 1.2.27 contains a patch for the issue.
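One way to guard the pattern described above, as an added example (not Cacti's code and not the 1.2.27 patch): values read from the database are validated, and the resolved path is confirmed to stay inside the plugins directory before any include. The function name, directory layout and sample rows are assumptions constructed for illustration.

```php
<?php
// Added illustration, not Cacti source. Function and variable names are hypothetical.

/** Return the canonical path of a plugin file, or null if the DB values are unsafe. */
function resolve_plugin_file(string $pluginsRoot, string $directory, string $file): ?string
{
    // The plugin directory must be one plain path component.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $directory)) {
        return null;
    }
    // The file must be a .php path with no NUL byte, backslash or stream wrapper.
    if (substr($file, -4) !== '.php' || strpbrk($file, "\0\\") !== false
        || strpos($file, '://') !== false) {
        return null;
    }
    // Every component must be a real name: rejects absolute paths, "." and "..".
    foreach (explode('/', $file) as $part) {
        if ($part === '' || $part === '.' || $part === '..') {
            return null;
        }
    }
    // Canonicalise (resolves symlinks) and confirm the result stays under the root.
    $root = realpath($pluginsRoot);
    $path = realpath($pluginsRoot . '/' . $directory . '/' . $file);
    if ($root === false || $path === false
        || strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a throwaway plugins directory and sample table values.
$root = sys_get_temp_dir() . '/plugins_demo_' . getmypid();
mkdir($root . '/exampleplugin', 0700, true);
file_put_contents($root . '/exampleplugin/setup.php', "<?php\n");

$rows = [
    ['exampleplugin', 'setup.php'],                       // well-formed row
    ['exampleplugin', '../../outside.php'],               // traversal in file
    ['../outside',    'setup.php'],                       // traversal in directory
    ['exampleplugin', 'php://filter/resource=setup.php'], // stream wrapper
];
foreach ($rows as [$dir, $file]) {
    $resolved = resolve_plugin_file($root, $dir, $file);
    printf("%-14s %-34s => %s\n", $dir, $file, $resolved ?? 'REJECTED');
}
unlink($root . '/exampleplugin/setup.php');
rmdir($root . '/exampleplugin');
rmdir($root);
```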
github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv
github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r
github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp
launchpad.net/bugs/cve/CVE-2024-31459
nvd.nist.gov/vuln/detail/CVE-2024-31459
security-tracker.debian.org/tracker/CVE-2024-31459
www.cve.org/CVERecord?id=CVE-2024-31459