https://bugzilla.suse.com/show_bug.cgi?id=1224240

Bug ID: 1224240
Summary: VUL-0: CVE-2024-31458: cacti: SQL Injection vulnerability when using form templates
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.5
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: Andreas.Stieger@gmx.de
QA Contact: qa-bugs@suse.de
Target Milestone: ---
Found By: ---
Blocker: ---

Fixed in 1.2.27

Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in create_all_header_nodes() function from lib/api_automation.php, finally resulting in SQL injection.

https://github.com/cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r