CVE-2024-31459 | Cacti up to 1.2.26 lib/plugin.php api_plugin_hook filename control

Posted by Angelo Barbosa | May 13, 2024 | CVE

A vulnerability was found in Cacti up to 1.2.26. It has been rated as problematic. Affected by this issue is the function api_plugin_hook in the library lib/plugin.php. The manipulation leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is handled as CVE-2024-31459. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-31459 | Cacti up to 1.2.26 lib/plugin.php api_plugin_hook filename control

Related Posts

CVE-2024-22477 | Ping Identity PingFederate up to 12.0.0 Admin Console OIDC Policy Management Editor cross site scripting

CVE-2024-31032 | Huashi Private Cloud CDN Live Streaming Acceleration Server manager/ipping.php Privilege Escalation

CVE-2023-6579 | osCommerce 4 POST Parameter shopping-cart estimate[country_id] sql injection

CVE-2024-33405 | Campcodes Complete Web-Based School Management System 1.0 add_friends.php friend_index sql injection