-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 09 Feb 2025 14:36:48 +0000
Source: cacti
Binary: cacti
Architecture: all
Version: 1.2.24+ds1-1+deb12u5
Distribution: bookworm-security
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) <buildd_amd64-x86-conova-01@buildd.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Description:
 cacti      - web interface for graphing of monitoring systems
Changes:
 cacti (1.2.24+ds1-1+deb12u5) bookworm-security; urgency=medium
 .
   * Non-maintainer upload by the Security Team.
   * Fix CVE-2024-27082: Stored XSS vulnerability.
   * Fix CVE-2024-43362: XSS (Cross-Site Scripting) Vulnerability.
     The `fileurl` parameter is not properly sanitized when
     saving external links in `links.php`. Moreover, the said
     fileurl is placed in some HTML code which is passed to
     the `print` function in `link.php` and `index.php`,
     finally leading to stored XSS.
   * Fix CVE-2024-43363: Remote Code Execution (RCE) by
     log poisoning. An admin user can create a device with
     a malicious hostname containing php code and repeat
     the installation process to use a php file as the
     cacti log file. After having the malicious hostname end
     up in the logs (log poisoning), one can simply go to the
     log file url to execute commands to achieve RCE.
   * Fix CVE-2024-43364: Stored XSS (Cross-Site Scripting) Vulnerability.
     The `title` parameter is not properly sanitized when
     saving external links in links.php. Moreover, the said
     title parameter is stored in the database and reflected back
     to the user in index.php, finally leading to stored XSS.
   * Fix CVE-2024-43365: Stored XSS (Cross-Site Scripting) Vulnerability.
     The `consolenewsection` parameter is not properly sanitized
     when saving external links in links.php. Moreover, the said
     consolenewsection parameter is stored in the database and
     reflected back to the user in `index.php`, finally leading
     to stored XSS.
   * Fix CVE-2024-45598: Local File Inclusion (LFI) Vulnerability
     via Poller Standard Error Log Path.
     An admin can change Poller Standard Error Log Path parameter in
     either Installation Step 5 or in Configuration->Settings->Paths tab
     to a local file inside the server. Then simply going to Logs tab and
     selecting the name of the local file will show its content
     on the web UI.
   * Fix CVE-2024-54145: SQL Injection vulnerability when requesting
     automation devices.
     A SQL injection vulnerability in the get_discovery_results function
     of automation_devices.php: the parameter network is concatenated into
     sql_where without sufficient filtration.
   * Fix CVE-2025-22604: Authenticated RCE via multi-line SNMP responses
     Due to a flaw in the multi-line SNMP result parser, authenticated users
     can inject malformed OIDs in the response. When processed by
     ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each
     OID will be used as a key in an array that is used as part of a
     system command, causing a command execution vulnerability.
   * Fix CVE-2025-24367: Arbitrary File Creation leading to RCE
     An authenticated Cacti user can abuse graph creation and graph
     template functionality to create arbitrary PHP scripts in the
     web root of the application, leading to remote code
     execution on the server.
   * Fix CVE-2025-24368: SQL Injection vulnerability when using
     tree rules through Automation API
     Some of the data stored in automation_tree_rules.php is not
     thoroughly checked and is used to concatenate the SQL statement in
     build_rule_item_filter() function from lib/api_automation.php,
     finally resulting in SQL injection.
Checksums-Sha1:
 6c0e74b7cf0cc4a3100d39f78a96d8b304943084 6269 cacti_1.2.24+ds1-1+deb12u5_all-buildd.buildinfo
 5d33af46a4486a947a136058ad0e6f2a5f78a0a7 28195744 cacti_1.2.24+ds1-1+deb12u5_all.deb
Checksums-Sha256:
 f9a45cc563d3bc825551fa9e75f2c7bd00f08b046e06cf1f47a9c6190287c7c9 6269 cacti_1.2.24+ds1-1+deb12u5_all-buildd.buildinfo
 cac0a770929352bc03cabdff5420ce5d06159e48bab5fece12dfa5792465cdef 28195744 cacti_1.2.24+ds1-1+deb12u5_all.deb
Files:
 0615e4e1c44ebdd6e6bd6910304fbdb2 6269 web optional cacti_1.2.24+ds1-1+deb12u5_all-buildd.buildinfo
 8691952fd7481fcd61f7618656321d98 28195744 web optional cacti_1.2.24+ds1-1+deb12u5_all.deb

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----