CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31460 – Cacti SQL Injection vulnerability in lib/api_automation.php caused by reading dirty data stored in database
https://notcve.org/view.php?id=CVE-2024-31460
Prior to version 1.2.27, some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in `create_all_header_nodes()` function from `lib/api_automation.php` , finally resulting in SQL injection. Using SQL based secondary injection technology, attackers can modify the contents of the Cacti database, and based on the modified content, it may be possible to achieve further impact, such as arbitrary file reading, and even remote code execution through arbitrary file writing. • https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31459 – Cacti RCE vulnerability by file include in lib/plugin.php
https://notcve.org/view.php?id=CVE-2024-31459
Combined with SQL injection vulnerabilities, remote code execution can be implemented. • https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31445 – SQL Injection vulnerability in automation_get_new_graphs_sql
https://notcve.org/view.php?id=CVE-2024-31445
Prior to version 1.2.27, a SQL injection vulnerability in `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. • https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L717 https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L856 https://github.com/Cacti/cacti/commit/fd93c6e47651958b77c3bbe6a01fff695f81e886 https://github.com/Cacti/cacti/security/advisories/GHSA-vjph-r677-6pcc https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 4CVE-2024-25641 – Cacti RCE vulnerability when importing packages
https://notcve.org/view.php?id=CVE-2024-25641
Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. ... This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. ... Cacti versions prior to 1.2.27 suffer from an arbitrary file write vulnerability that allows for remote code execution. • https://github.com/StopThatTalace/CVE-2024-25641-CACTI-RCE-1.2.26 https://github.com/5ma1l/CVE-2024-25641 https://github.com/thisisveryfunny/CVE-2024-25641-RCE-Automated-Exploit-Cacti-1.2.26 https://github.com/Safarchand/CVE-2024-25641 http://seclists.org/fulldisclosure/2024/May/6 https://github.com/Cacti/cacti/commit/eff35b0ff26cc27c82d7880469ed6d5e3bef6210 https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88 https://lists.fedoraproject.org/archives/li • CWE-20: Improper Input Validation •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-29212
https://notcve.org/view.php?id=CVE-2024-29212
Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. Debido a un método de deserialización inseguro utilizado por el servidor Veeam Service Provider Console (VSPC) en la comunicación entre el agente de administración y sus componentes, bajo ciertas condiciones, es posible realizar la ejecución remota de código (RCE) en la máquina del servidor VSPC. • https://www.veeam.com/kb4575 • CWE-502: Deserialization of Untrusted Data •