{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-31460", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-04-03T17:55:32.647Z", "datePublished": "2024-05-13T15:14:38.689Z", "dateUpdated": "2024-05-13T15:14:38.689Z"}, "containers": {"cna": {"title": "Cacti SQL Injection vulnerability in lib/api_automation.php caused by reading dirty data stored in database", "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "lang": "en", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r"}, {"name": "https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv", "tags": ["x_refsource_MISC"], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"}], "affected": [{"vendor": "Cacti", "product": "cacti", "versions": [{"version": "< 1.2.27", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-13T15:14:38.689Z"}, "descriptions": [{"lang": "en", "value": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in `create_all_header_nodes()` function from `lib/api_automation.php` , finally resulting in SQL injection. Using SQL based secondary injection technology, attackers can modify the contents of the Cacti database, and based on the modified content, it may be possible to achieve further impact, such as arbitrary file reading, and even remote code execution through arbitrary file writing. Version 1.2.27 contains a patch for the issue."}], "source": {"advisory": "GHSA-gj3f-p326-gh8r", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-31460", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-13T17:23:51.598160Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:cacti:cacti:-:*:*:*:*:*:*:*"], "vendor": "cacti", "product": "cacti", "versions": [{"status": "affected", "version": "-", "lessThan": "1.2.27", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:36:17.106Z"}}]}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in `create_all_header_nodes()` function from `lib/api_automation.php` , finally resulting in SQL injection. Using SQL based secondary injection technology, attackers can modify the contents of the Cacti database, and based on the modified content, it may be possible to achieve further impact, such as arbitrary file reading, and even remote code execution through arbitrary file writing. Version 1.2.27 contains a patch for the issue."}, {"lang": "es", "value": "Cacti proporciona un framework de monitoreo operativo y gesti\u00f3n de fallas. Antes de la versi\u00f3n 1.2.27, algunos de los datos almacenados en `automation_tree_rules.php` no se verifican minuciosamente y se usan para concatenar la declaraci\u00f3n SQL en la funci\u00f3n `create_all_header_nodes()` de `lib/api_automation.php`, lo que finalmente da como resultado SQL inyecci\u00f3n. Al utilizar la tecnolog\u00eda de inyecci\u00f3n secundaria basada en SQL, los atacantes pueden modificar el contenido de la base de datos de Cacti y, en funci\u00f3n del contenido modificado, es posible lograr un mayor impacto, como la lectura de archivos arbitrarios e incluso la ejecuci\u00f3n remota de c\u00f3digo mediante la escritura de archivos arbitrarios. La versi\u00f3n 1.2.27 contiene un parche para el problema."}], "id": "CVE-2024-31460", "lastModified": "2024-06-10T17:16:26.390", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-05-14T15:25:26.897", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv"}, {"source": "security-advisories@github.com", "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}