SecuritySpace - CVE-2024-31458

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2024-31458

Description: Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement in `draw_nontemplated_fields_graph_item()` function from `lib/html_form_templates.php` , finally resulting in SQL injection. Version 1.2.27 contains a patch for the issue.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2024-31458
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x
https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x

CVE ID:	CVE-2024-31458
Description:	Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement in `draw_nontemplated_fields_graph_item()` function from `lib/html_form_templates.php` , finally resulting in SQL injection. Version 1.2.27 contains a patch for the issue.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2024-31458 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/ https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x