A vulnerability was found in Cacti up to 1.2.26. It has been rated as problematic. Affected by this issue is the function
api_plugin_hook
in the library lib/plugin.php. The manipulation leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).
This vulnerability is handled as CVE-2024-31459. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.