CVE-2024-31459
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-31459
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-31459.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-31459
- Aliases
-
- CVE-2023-49084
- CVE-2024-31460
- GHSA-cx8g-hvq8-p2rv
- GHSA-gj3f-p326-gh8r
- GHSA-pfh9-gwm6-86vp
- Related
- Published
- 2024-05-14T15:25:26Z
- Modified
- 2024-09-18T03:26:56.641929Z
- Summary
- [none]
- Details
-
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the
lib/plugin.phpfile. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue with theapi_plugin_hook()function in thelib/plugin.phpfile, which reads the pluginhooks and pluginconfig tables in database. The read data is directly used to concatenate the file path which is used for file inclusion. Version 1.2.27 contains a patch for the issue. - References
-
- https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv
- https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r
- https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
- https://security-tracker.debian.org/tracker/CVE-2024-31459
Affected packages
Debian:11 / cacti
Package
- Name
- cacti
- Purl
- pkg:deb/debian/cacti?arch=source
Debian:12 / cacti
Package
- Name
- cacti
- Purl
- pkg:deb/debian/cacti?arch=source
Debian:13 / cacti
Package
- Name
- cacti
- Purl
- pkg:deb/debian/cacti?arch=source