CVE-2024-31443 – Cacti XSS vulnerability in lib/html_tree.php by reading dirty data stored in database
https://notcve.org/view.php?id=CVE-2024-31443
Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in `form_save()` function in `data_queries.php` is not thoroughly checked and is used to concatenate the HTML statement in `grow_right_pane_tree()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue. Cacti proporciona un framework de monitoreo operativo y gestión de fallas. Antes de 1.2.27, algunos de los datos almacenados en la función `form_save()` en `data_queries.php` no se verifican minuciosamente y se usan para concatenar la declaración HTML en la función `grow_right_pane_tree()` de `lib/html.php `, lo que finalmente resulta en Cross Site Scripting. • https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-29894 – Cacti Cross-site Scripting vulnerability when using JavaScript based messaging API
https://notcve.org/view.php?id=CVE-2024-29894
Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. `raise_message_javascript` from `lib/functions.php` now uses purify.js to fix CVE-2023-50250 (among others). However, it still generates the code out of unescaped PHP variables `$title` and `$header`. If those variables contain single quotes, they can be used to inject JavaScript code. • https://github.com/Cacti/cacti/security/advisories/GHSA-grj5-8fcj-34gh https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-116: Improper Encoding or Escaping of Output •
CVE-2024-27082 – Cacti Cross-site Scripting vulnerability when managing trees
https://notcve.org/view.php?id=CVE-2024-27082
Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 are vulnerable to stored cross-site scripting, a type of cross-site scripting where malicious scripts are permanently stored on a target server and served to users who access a particular page. Version 1.2.27 contains a patch for the issue. Cacti proporciona un framework de monitoreo operativo y gestión de fallas. Las versiones de Cacti anteriores a la 1.2.27 son vulnerables a Cross Site Scripting almacenadas, un tipo de Cross Site Scripting en las que script maliciosas se almacenan permanentemente en un servidor de destino y se entregan a los usuarios que acceden a una página en particular. • https://github.com/Cacti/cacti/security/advisories/GHSA-j868-7vjp-rp9h • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-25641 – Cacti RCE vulnerability when importing packages
https://notcve.org/view.php?id=CVE-2024-25641
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. • https://github.com/StopThatTalace/CVE-2024-25641-CACTI-RCE-1.2.26 https://github.com/5ma1l/CVE-2024-25641 https://github.com/thisisveryfunny/CVE-2024-25641-RCE-Automated-Exploit-Cacti-1.2.26 https://github.com/Safarchand/CVE-2024-25641 http://seclists.org/fulldisclosure/2024/May/6 https://github.com/Cacti/cacti/commit/eff35b0ff26cc27c82d7880469ed6d5e3bef6210 https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88 https://lists.fedoraproject.org/archives/list/package-announce@lists. • CWE-20: Improper Input Validation •
CVE-2023-51448 – SQL Injection vulnerability when managing SNMP Notification Receivers
https://notcve.org/view.php?id=CVE-2023-51448
Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `‘managers.php’`. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTTP GET request to the endpoint `‘/cacti/managers.php’` with an SQLi payload in the `‘selected_graphs_array’` HTTP GET parameter. As of time of publication, no patched versions exist. Cacti proporciona un framework de monitoreo operativo y gestión de fallos. • https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/managers.php#L941 https://github.com/Cacti/cacti/security/advisories/GHSA-w85f-7c4w-7594 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •