CVE-2024-31460

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published May 14, 2024

Updated: Jun 10, 2024

CWE ID 89

Summary

CVE-2024-31460 is a SQL injection vulnerability affecting the Cacti network monitoring software. Before version 1.2.27, Cacti's `automation_tree_rules.php` did not adequately sanitize user input, allowing attackers to inject SQL code into the `create_all_header_nodes()` function of `lib/api_automation.php`. Successful exploitation of this vulnerability grants attackers the ability to modify the Cacti database. Potential impacts include arbitrary file reading and remote code execution through arbitrary file writing. Version 1.2.27 includes a patch to address this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/v5-kHy
https://www.cve.org/CVERecord?id=CVE-2024-31460
https://nvd.nist.gov/vuln/detail/CVE-2024-31460

Back to Vulnerability Database

CVE-2024-31460

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations