13May
CVE-2024-31459 | Cacti up to 1.2.26 lib/plugin.php api_plugin_hook filename control
A vulnerability was found in Cacti up to 1.2.26. It has been rated as problematic. Affected by this issue is the functionapi_plugin_hook in the library lib/plugin.php. The manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion').
This vulnerability is handled as CVE-2024-31459. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
