Cacti SQL Injection Vulnerability in Automation Tree Rules

A SQL injection vulnerability has been identified in Cacti versions through 1.2.26. The issue arises in the Automation API, specifically within the 'automation_tree_rules.php' file. The vulnerability is caused by insufficient validation of data, which allows for the injection of malicious SQL statements. This exploitation can lead to unauthorized database modifications, potentially allowing for arbitrary file reading or writing, and even remote code execution.

Impact

Exploitation of this vulnerability allows for SQL injection, enabling attackers to manipulate the Cacti database. Such modifications could be leveraged to read arbitrary files or execute remote code, depending on the context of the injected SQL.

Reproduction

To reproduce this vulnerability, first, log into Cacti as an administrator. Navigate to the 'Automation Tree Rules' section and create a new rule. In the 'Field' input, inject a payload that includes SQL injection vectors, such as SQL commands or comments. Once the rule is saved, the injected SQL will be executed when the 'Automation API' is accessed, demonstrating the SQL injection vulnerability.

Remediation

Users can upgrade to Cacti version 1.2.29, where this vulnerability has been patched.