Cacti has a SQL Injection vulnerability when using tree rules through Automation API

Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in build_rule_item_filter() function from lib/api_automation.php, resulting in SQL injection. This vulnerability is fixed in 1.2.29.

N/A

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

Cacti 安全漏洞

Cacti是Cacti团队的一套开源的网络流量监测和分析工具。该工具通过snmpget来获取数据，使用RRDtool绘画图形进行分析，并提供数据和用户管理功能。 Cacti存在安全漏洞，该漏洞源于automation_tree_rules.php中存储的数据未充分检查，并在build_rule_item_filter函数中用于拼接SQL语句，导致SQL注入。

N/A

N/A