Fluid Attacks Database

Description

Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	cacti	=1.2.24+ds1-1 \|\| =1.2.24+ds1-1+deb12u1 \|\| =1.2.24+ds1-1+deb12u2 \|\| =1.2.24+ds1-1+deb12u3 \|\| =1.2.24+ds1-1+deb12u4 \|\| >=0 <1.2.24+ds1-1+deb12u5	1.2.24+ds1-1+deb12u5
debian 11	cacti	=1.2.16+ds1-2 \|\| =1.2.16+ds1-2+deb11u1 \|\| =1.2.16+ds1-2+deb11u2 \|\| =1.2.16+ds1-2+deb11u3 \|\| =1.2.16+ds1-2+deb11u4 \|\| >=0 <1.2.16+ds1-2+deb11u5	1.2.16+ds1-2+deb11u5
debian 13	cacti	>=0 <1.2.28+ds1-4	1.2.28+ds1-4
debian 14	cacti	>=0 <1.2.28+ds1-4	1.2.28+ds1-4

Aliases

1. CVE-2024-541452. NVD-2024-541453. OSV-DEBIAN-2024-541454. OSV-2024-541455. SECURITY-TRACKER-CVE-2024-54145

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.