Fluid Attacks Database

Description

Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	cacti	>=0 <1.2.30+ds1-1	1.2.30+ds1-1
debian 14	cacti	>=0 <1.2.30+ds1-1	1.2.30+ds1-1

Aliases

1. CVE-2025-265202. NVD-2025-265203. OSV-DEBIAN-2025-265204. OSV-2025-265205. SECURITY-TRACKER-CVE-2025-26520

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.