Cacti SQL Injection Vulnerability in Automation Devices API

Vulnerability

A SQL injection vulnerability has been identified in Cacti versions 1.2.28 and prior. The issue arises in the 'get_discovery_results' function of 'automation_devices.php', where the 'network' parameter is concatenated into the SQL 'WHERE' clause without proper sanitization. This flaw allows attackers to manipulate the SQL query, potentially leading to unauthorized data access.
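To make the concatenation pattern concrete, here is an added illustration written for this page (not Cacti's own code): a function that splices the 'network' request value into the WHERE clause, next to a hardened version that validates it and binds it as a query parameter. The table layout, the PDO handle, and the assumption that the network value is a numeric id are all constructed for the example.

```php
<?php
// Added example, not Cacti's code. Table name, columns and the $pdo handle
// are assumptions; the point is the WHERE-clause construction.

// VULNERABLE: the request value is spliced straight into the SQL text, so
// whatever the client sends becomes part of the query itself.
function get_discovery_results_vulnerable(PDO $pdo, array $request): array {
    $sql_where = 'WHERE 1 = 1';
    if (isset($request['network']) && $request['network'] !== '') {
        $sql_where .= ' AND network_id = ' . $request['network'];
    }
    $stmt = $pdo->query("SELECT * FROM automation_devices $sql_where");
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// HARDENED: validate the value as an integer (assumed type of the network id)
// and pass it as a bound parameter, so the database only ever sees it as data.
function get_discovery_results_fixed(PDO $pdo, array $request): array {
    $sql_where = 'WHERE 1 = 1';
    $params = [];
    if (isset($request['network']) && $request['network'] !== '') {
        $network = filter_var($request['network'], FILTER_VALIDATE_INT);
        if ($network === false || $network < 0) {
            throw new InvalidArgumentException('network must be a non-negative integer');
        }
        $sql_where .= ' AND network_id = ?';
        $params[] = $network;
    }
    $stmt = $pdo->prepare("SELECT * FROM automation_devices $sql_where");
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Demo against an in-memory SQLite database with constructed sample rows.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE automation_devices (id INTEGER PRIMARY KEY, network_id INTEGER, ip_address TEXT)');
$pdo->exec("INSERT INTO automation_devices VALUES (1, 1, '10.0.0.5'), (2, 2, '10.0.1.9')");

// Well-formed input: the hardened version returns the single row for network 1.
$rows = get_discovery_results_fixed($pdo, ['network' => '1']);
echo count($rows), ' row(s) for network 1', PHP_EOL;

// Non-numeric input never reaches the database; it is rejected up front.
try {
    get_discovery_results_fixed($pdo, ['network' => 'abc']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The vulnerable function is kept only to show the shape of the defect; in a real fix every value that reaches the SQL text should go through the validate-and-bind path.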

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a request to 'automation_devices.php' with a crafted 'network' parameter that includes SQL injection payloads. The injection is executed because the parameter is concatenated directly into the SQL query without proper validation or filtering.

Remediation

Users should upgrade to Cacti version 1.2.29, where this vulnerability has been patched.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM