Cacti Monitoring Tool Vulnerable to SQL Injection Attacks – Update Now!

CVSS v3.1 score: 8.8

Cacti is a popular open source network monitoring and graphing tool. A recent vulnerability was discovered in version 1.2.25 of Cacti that could allow remote attackers to conduct SQL injection attacks.

The vulnerability exists in the SNMP Notification Receivers feature in the file ‘managers.php’. An authenticated attacker with the “Settings/Utilities” permission can craft a malicious HTTP request containing an SQL injection payload to the ‘/cacti/managers.php’ endpoint.

SQL injection attacks work by inserting malicious SQL code through a web form input or URL parameter. This allows attackers to view, modify or delete information in the backend database. In this case, a hacker could potentially view sensitive monitoring data or even gain full administrative access to the Cacti server.
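The mechanism the paragraph describes, shown as an added example (not Cacti's code, and not the vulnerable code in managers.php): a lookup built by string concatenation next to the same lookup using a parameterised query. The table, rows and the `lookup_*` helpers are constructed for illustration; SQLite stands in for the monitoring database. The concatenated version lets a quote character break out of the string literal and change the query's logic, so a single crafted value returns every row; the parameterised version hands the driver the value separately, so the same input is compared as a literal hostname and matches nothing.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for a monitoring database (not Cacti's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE receivers (id INTEGER PRIMARY KEY, hostname TEXT, community TEXT)"
    )
    conn.executemany(
        "INSERT INTO receivers (hostname, community) VALUES (?, ?)",
        [("nms1.example.internal", "public"), ("nms2.example.internal", "s3cret")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, hostname):
    """Concatenation: the caller's input becomes part of the SQL grammar."""
    sql = "SELECT hostname, community FROM receivers WHERE hostname = '" + hostname + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, hostname):
    """Parameterised: the value is bound separately and cannot alter the query structure."""
    sql = "SELECT hostname, community FROM receivers WHERE hostname = ?"
    return conn.execute(sql, (hostname,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    # A textbook tautology: closes the string literal and appends an always-true condition.
    payload = "x' OR '1'='1"
    print(lookup_vulnerable(conn, payload))  # both rows: the WHERE filter is bypassed
    print(lookup_safe(conn, payload))        # []: no host is literally named "x' OR '1'='1"
```

The same contrast applies to PHP and MySQL in Cacti's case: any query that interpolates request parameters directly into the SQL string is the pattern to look for during review, and prepared statements with bound parameters are the fix.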

As no patches have been released yet, all Cacti users are urged to upgrade to the latest version once an update is available. In the meantime, consider restricting access to the vulnerable page or feature if possible. Regularly monitoring logs for any unusual activity can also help detect potential exploitation attempts.
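One way to act on the "monitor logs" advice above, as an added example that is not part of the original advisory: a small scanner that reads web-server access logs in Apache combined format, keeps only requests to the `/cacti/managers.php` path named on the page, percent-decodes the query string, and flags entries containing quote characters, SQL comment sequences or SQL keywords that do not occur in normal Cacti parameter values. The log lines, IP addresses, usernames and query parameters are constructed for this example; the real parameter names used by managers.php are not given on the page and are not assumed here.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed sample access log (Apache combined format). Hosts, users and
# request targets are made up for this example.
SAMPLE_LOG = """\
10.0.0.5 - admin [12/Jan/2024:10:01:02 +0000] "GET /cacti/managers.php?action=edit&id=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - operator [12/Jan/2024:10:01:07 +0000] "GET /cacti/managers.php?action=edit&id=3%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9870 "-" "curl/8.4.0"
10.0.0.9 - operator [12/Jan/2024:10:01:09 +0000] "POST /cacti/managers.php HTTP/1.1" 302 0 "-" "curl/8.4.0"
10.0.0.7 - admin [12/Jan/2024:10:02:15 +0000] "GET /cacti/graph_view.php?action=tree HTTP/1.1" 200 30011 "-" "Mozilla/5.0"
10.0.0.9 - operator [12/Jan/2024:10:02:40 +0000] "GET /cacti/managers.php?action=edit&id=3%20UNION%20SELECT%201,2,3-- HTTP/1.1" 500 0 "-" "curl/8.4.0"
"""

# Fields of the combined log format we need: client IP, authenticated user,
# timestamp, request method, request target and response status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Injection indicators: string delimiters, comment sequences and keywords that
# legitimate Cacti query strings do not contain. Tune for your deployment.
SQLI_RE = re.compile(
    r"(['\"]|--|/\*|\bunion\b|\bselect\b|\bsleep\s*\(|\bbenchmark\s*\()",
    re.IGNORECASE,
)


def suspicious_requests(log_text, endpoint="/cacti/managers.php"):
    """Return (ip, user, timestamp, status, decoded_query) for flagged requests to `endpoint`."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        parts = urlsplit(m["target"])
        if parts.path != endpoint:
            continue
        # Decode percent-encoding first so that %27 is inspected as a quote.
        query = unquote_plus(parts.query)
        if SQLI_RE.search(query):
            hits.append((m["ip"], m["user"], m["ts"], m["status"], query))
    return hits


if __name__ == "__main__":
    for ip, user, ts, status, query in suspicious_requests(SAMPLE_LOG):
        print(f"{ts} {ip} user={user} status={status} query={query!r}")
```

Two caveats matter when relying on this kind of check. Access logs record only the request line, so parameters sent in a POST body (the third sample line) are invisible to it; pairing the scan with the access restriction suggested above, or with request-body logging at a reverse proxy, closes that gap. And because the vulnerability requires an authenticated account with the Settings/Utilities permission, the `user` field in a hit identifies which account is misbehaving or has been compromised, which is the first thing to act on.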

Staying on top of software updates is one of the best ways to protect yourself from known vulnerabilities. So check back regularly for a Cacti patch and upgrade promptly to close this SQLi hole. Vigilance around web application security is important for any monitoring tools with a web interface.