• caglararli@hotmail.com
  • 05386281520

CVE-2024-31459 | Cacti up to 1.2.26 lib/plugin.php api_plugin_hook filename control

Çağlar Arlı      -    24 Views

CVE-2024-31459 | Cacti up to 1.2.26 lib/plugin.php api_plugin_hook filename control

A vulnerability was found in Cacti up to 1.2.26. It has been rated as problematic. Affected by this issue is the function api_plugin_hook in the library lib/plugin.php. The manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is handled as CVE-2024-31459. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.