CVE-2024-31459

CVSS 3.1 Score 8.0 of 10 (high)

Details

Published May 14, 2024
CWE ID 98

Summary

CVE-2024-31459 is a vulnerability in Cacti, a monitoring and fault management framework, affecting versions prior to 1.2.27. The issue is in the `lib/plugin.php` file and can lead to remote code execution when combined with SQL injection vulnerabilities. Specifically, the `api_plugin_hook()` function in that file has a file inclusion issue: data from the `plugin_hooks` and `plugin_config` tables in the database is used directly to construct a file path for inclusion. Version 1.2.27 includes a patch that addresses this vulnerability. The base severity score is 8.0, a high-risk level, reflecting the potential impact on the confidentiality, integrity, and availability of affected systems.
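
The inclusion pattern described above, as an added example (not Cacti's code and not the 1.2.27 patch): a PHP helper that resolves a database-supplied plugin file and rejects anything that does not land inside the plugins directory. The column names `name` and `file`, the helper `resolve_plugin_file()`, the plugin name `demo`, and the sample rows are assumptions constructed for illustration.

```php
<?php
// Added example, not Cacti's code. Column names 'name' and 'file' and the
// helper name resolve_plugin_file() are assumptions for illustration.

function resolve_plugin_file(string $pluginsDir, string $name, string $file): ?string {
    // Plugin directory names: conservative allowlist (assumed policy).
    if (!preg_match('/^[A-Za-z0-9_]+$/', $name)) {
        return null;
    }
    $base = realpath($pluginsDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || !is_dir($base)) {
        return null;
    }
    // realpath() collapses ".." and symlinks, so the prefix test below
    // is made on the real target, not on the string from the database.
    $target = realpath($base . DIRECTORY_SEPARATOR . $file);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // The resolved file must sit under the resolved plugin directory.
    if (strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    if (pathinfo($target, PATHINFO_EXTENSION) !== 'php') {
        return null;
    }
    return $target;
}

// Constructed fixture: a temporary plugins tree plus one file outside it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'hookdemo_' . bin2hex(random_bytes(4));
mkdir($root . '/plugins/demo', 0700, true);
file_put_contents($root . '/plugins/demo/setup.php', "<?php\n");
file_put_contents($root . '/outside.php', "<?php\n");

// Constructed rows standing in for plugin_hooks entries read from the database.
$rows = [
    ['name' => 'demo', 'file' => 'setup.php'],          // resolves inside the plugin
    ['name' => 'demo', 'file' => '../../outside.php'],  // resolves outside: rejected
    ['name' => '../plugins/demo', 'file' => 'setup.php'], // bad directory name: rejected
    ['name' => 'demo', 'file' => 'missing.php'],        // no such file: rejected
];

foreach ($rows as $row) {
    $path = resolve_plugin_file($root . '/plugins', $row['name'], $row['file']);
    printf("%-16s %-20s %s\n", $row['name'], $row['file'],
        $path === null ? 'REJECT' : 'include ' . $path);
}
```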
