-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 09 Feb 2025 14:36:48 +0000
Source: cacti
Architecture: source
Version: 1.2.24+ds1-1+deb12u5
Distribution: bookworm-security
Urgency: medium
Maintainer: Cacti Maintainer <pkg-cacti-maint@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Changes:
 cacti (1.2.24+ds1-1+deb12u5) bookworm-security; urgency=medium
 .
   * Non-maintainer upload by the Security Team.
   * Fix CVE-2024-27082: Stored XSS vulnerability.
   * Fix CVE-2024-43362: XSS (Cross-Site Scripting) Vulnerability.
     The `fileurl` parameter is not properly sanitized when
     saving external links in `links.php`. Moreover, the said
     fileurl is placed in some HTML code which is passed to
     the `print` function in `link.php` and `index.php`,
     finally leading to stored XSS.
   * Fix CVE-2024-43363: Remote Code Execution (RCE) by
     log poisoning. An admin user can create a device with
     a malicious hostname containing php code and repeat
     the installation process to use a php file as the
     cacti log file. After having the malicious hostname end
     up in the logs (log poisoning), one can simply go to the
     log file url to execute commands to achieve RCE.
   * Fix CVE-2024-43364: Stored XSS (Cross-Site Scripting) Vulnerability.
     The `title` parameter is not properly sanitized when
     saving external links in `links.php`. Moreover, the said
     title parameter is stored in the database and reflected back
     to user in index.php, finally leading to stored XSS.
   * Fix CVE-2024-43365: Stored XSS (Cross-Site Scripting) Vulnerability.
     The `consolenewsection` parameter is not properly sanitized
     when saving external links in `links.php`. Moreover, the said
     consolenewsection parameter is stored in the database and
     reflected back to user in `index.php`, finally leading
     to stored XSS.
   * Fix CVE-2024-45598: Local File Inclusion (LFI) Vulnerability
     via Poller Standard Error Log Path.
     An admin can change Poller Standard Error Log Path parameter in
     either Installation Step 5 or in Configuration->Settings->Paths tab
     to a local file inside the server. Then simply going to Logs tab and
     selecting the name of the local file will show its content
     on the web UI.
   * Fix CVE-2024-54145: SQL injection vulnerability when requesting
     automation devices.
     The `networkconcat` parameter is concatenated into `sql_where` in
     the get_discovery_results function of automation_devices.php
     without sufficient filtering.
   * Fix CVE-2025-22604: Authenticated RCE via multi-line SNMP responses
     Due to a flaw in multi-line SNMP result parser, authenticated users
     can inject malformed OIDs in the response. When processed by
     ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each
     OID will be used as a key in an array that is used as part of a
     system command, causing a command execution vulnerability.
   * Fix CVE-2025-24367: Arbitrary File Creation leading to RCE
     An authenticated Cacti user can abuse graph creation and graph
     template functionality to create arbitrary PHP scripts in the
     web root of the application, leading to remote code
     execution on the server.
   * Fix CVE-2025-24368: SQL Injection vulnerability when using
     tree rules through Automation API
     Some of the data stored in automation_tree_rules.php is not
     thoroughly checked and is used to concatenate the SQL statement in
     the build_rule_item_filter() function from lib/api_automation.php,
     finally resulting in SQL injection.
Checksums-Sha1:
 8b0ded08f8413a199c300c3000ba399cbcddf697 2500 cacti_1.2.24+ds1-1+deb12u5.dsc
 dddbad3784e15fb61ceb9f0c649e45711d6bf7e3 24226965 cacti_1.2.24+ds1.orig-docs-source.tar.gz
 6f258f06289889566b7d6a255b904aae9756d97d 10026982 cacti_1.2.24+ds1.orig.tar.gz
 89cd7c2c50c9ee960a0ff4fbad9ad3801e5e3c7c 83448 cacti_1.2.24+ds1-1+deb12u5.debian.tar.xz
 c5846e7e879805110e9eedbd602c74f4cede3122 6531 cacti_1.2.24+ds1-1+deb12u5_amd64.buildinfo
Checksums-Sha256:
 a4f3d86407d43a9ca1fd0fd5275d5d68687b669bf1764ad89291f3632ae22e66 2500 cacti_1.2.24+ds1-1+deb12u5.dsc
 180acdab0fbbbae452bb6f46ad9d406cedcb540967410f71aa69be4a281bb74c 24226965 cacti_1.2.24+ds1.orig-docs-source.tar.gz
 4247d8120b0661a2019a0d39f35c6e84cfd4e4161e0791ff233c3e3bd2d571da 10026982 cacti_1.2.24+ds1.orig.tar.gz
 2f1cb9f3e23c23bd78aab21c479e1c3c098db2b2182adb6c1a404d06afa53a6b 83448 cacti_1.2.24+ds1-1+deb12u5.debian.tar.xz
 5c4d50bbc943a1b07cdc1fc626d5c7633d0e26834303094652329ed33e08e8e6 6531 cacti_1.2.24+ds1-1+deb12u5_amd64.buildinfo
Files:
 ca0826dafde2cbebd697b52bd061927a 2500 web optional cacti_1.2.24+ds1-1+deb12u5.dsc
 a05d1c5f50554a86fd0eb11f070594a7 24226965 web optional cacti_1.2.24+ds1.orig-docs-source.tar.gz
 69cdb0ae5b490a8328e99ad2f161aca6 10026982 web optional cacti_1.2.24+ds1.orig.tar.gz
 bc9b3a2fb4381dc3992d25d70ca5a0d4 83448 web optional cacti_1.2.24+ds1-1+deb12u5.debian.tar.xz
 29182c09e3c050e7768414c3b455f7f6 6531 web optional cacti_1.2.24+ds1-1+deb12u5_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmeovvYACgkQADoaLapB
CF8h/BAAlE+b7WCZO0efRdMnj0vVNdIQ+/cKdDMpyqd+B8WXGg0auTQeWNVFxR7N
SsCsqX1gjgHBHnTy5mYiw4XddqzLnLFSEEhIvEWvTaYkITPeCzH359Gxm4NbbuFG
tEPZzvVgFHCKc+BbuCdFs6Ye0XgjH2IWaYljYgWEYxp7sWCZ01lndUOEHYA0dFwv
uvsQMRiixSCRmxHMAImQdETKMcoGNjI1NgaT9KUvP0SZC4KUEr5u38C3hjWI4BRY
tggjKCaT9lArSWTjj++ZGyiXP/JiROqHxzFR/eZaPPewfPh8Qh0mIepgKDMGh1x3
Xf1meCK/EJE6acHtpYz5TBjsUJH9Wp8RcQxRjnmXcVYPmPMfG7O2qpfauGNofFzK
xUhiM1PG7HE0G8yotzga6dFiQMy9SBYCPS2Sm+4sa0wEYSq4Jz3qaHMGQWxO9SlG
9+sJAK0eLX2b5EmAHOOHwCc5TjiPgmqgwkDsx8pOYCB9XinDs3HC7YALclB5XMHC
PkU14whC+AS08R8aRf5wALXITvqa8TUMNt0gECjLb8Yf0mUahPPDKJJQBJFdm3fw
DtffLHCOxssB/8VhNWxeqFQwMc2/Bqf4b5GVyQcKtoAJbGCageakA1ELIxNXER28
m42skVU5xCLCZ7FDAFlPSJqZIqnbM0d5xIGhrQiwR2ngnzoULGg=
=Nh2y
-----END PGP SIGNATURE-----
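Added example, not code from the Debian archive tooling or the Cacti project: a small Python checker for the Files / Checksums-Sha1 / Checksums-Sha256 fields of a .changes file such as the one above. It requires the three fields to agree on each file's size, refuses names that carry a path component, refuses files that have no SHA-256 on record (MD5 and SHA-1 are kept in the format for compatibility only), and compares the size and all recorded digests of every listed file found in a directory. The package names, file contents and digests in `changes_text()` and `demo()` are constructed for this example.

```python
"""Checksum-field verifier for a Debian .changes file.

Added example, not code from the Debian archive tooling or the Cacti
project. It parses the Files / Checksums-Sha1 / Checksums-Sha256 fields,
requires the fields to agree on each file's size, and compares on-disk
size and digests for every listed file. The package names, contents and
digests used in demo() are constructed for this example.
"""
import hashlib
import os
import tempfile

# Field name -> (digest algorithm, number of whitespace-separated columns).
# Files lines read "md5 size section priority name"; Checksums-* lines read
# "digest size name".
FIELDS = {
    "Files": ("md5", 5),
    "Checksums-Sha1": ("sha1", 3),
    "Checksums-Sha256": ("sha256", 3),
}
ALGOS = ("md5", "sha1", "sha256")


def parse_changes(text):
    """Return {filename: {"size": int, "md5": hex, "sha1": hex, "sha256": hex}}.

    Field names are matched at column 0, so a clearsign header, the Changes
    text and the armored signature are skipped rather than parsed. Raises
    ValueError on a malformed line or when fields disagree on a size.
    """
    entries = {}
    current = None
    for line in text.splitlines():
        if not line[:1].isspace():
            # Start of a new field (or armor/blank line); keep only ours.
            name = line.split(":", 1)[0] if ":" in line else None
            current = name if name in FIELDS else None
            continue
        if current is None or not line.strip():
            continue
        algo, ncols = FIELDS[current]
        parts = line.split()
        if len(parts) != ncols:
            raise ValueError(f"malformed {current} line: {line!r}")
        digest, size, fname = parts[0].lower(), int(parts[1]), parts[-1]
        rec = entries.setdefault(fname, {})
        if rec.get("size", size) != size:
            raise ValueError(f"size of {fname} differs between fields")
        rec["size"] = size
        rec[algo] = digest
    return entries


def verify_files(entries, directory):
    """Check each listed file under `directory`.

    Status per file: 'ok', 'bad-name' (path component in the name),
    'no-sha256' (only MD5/SHA-1 on record, which are not collision
    resistant), 'missing', 'size-mismatch', or 'mismatch:<algos that differ>'.
    """
    results = {}
    for fname, rec in entries.items():
        if os.path.basename(fname) != fname:
            results[fname] = "bad-name"
            continue
        if "sha256" not in rec:
            results[fname] = "no-sha256"
            continue
        path = os.path.join(directory, fname)
        if not os.path.isfile(path):
            results[fname] = "missing"
            continue
        if os.path.getsize(path) != rec["size"]:
            results[fname] = "size-mismatch"
            continue
        hashes = {a: hashlib.new(a) for a in ALGOS if a in rec}
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 16), b""):
                for h in hashes.values():
                    h.update(chunk)
        bad = sorted(a for a, h in hashes.items() if h.hexdigest() != rec[a])
        results[fname] = "mismatch:" + ",".join(bad) if bad else "ok"
    return results


def changes_text(files):
    """Build a minimal .changes body listing {name: bytes} (constructed)."""
    out = ["Format: 1.8", "Source: example", "Changes:",
           " example (1.0-1) unstable; urgency=medium"]
    for field, (algo, ncols) in FIELDS.items():
        out.append(field + ":")
        for name, data in files.items():
            mid = " web optional" if ncols == 5 else ""
            out.append(f" {hashlib.new(algo, data).hexdigest()} {len(data)}{mid} {name}")
    return "\n".join(out) + "\n"


def demo():
    """Constructed run: one intact file, one tampered in place, one absent."""
    files = {
        "example_1.0.orig.tar.gz": b"pretend upstream tarball\n",
        "example_1.0-1.debian.tar.xz": b"pretend packaging tarball\n",
        "example_1.0-1.dsc": b"pretend source control file\n",
    }
    entries = parse_changes(changes_text(files))
    with tempfile.TemporaryDirectory() as d:
        for name, data in files.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        # Flip one byte without changing the size: only the digests catch it.
        with open(os.path.join(d, "example_1.0-1.debian.tar.xz"), "r+b") as fh:
            fh.write(b"P")
        os.remove(os.path.join(d, "example_1.0-1.dsc"))
        return verify_files(entries, d)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:28} {name}")
```

This only checks that the files on disk match what the .changes file states; it says nothing about who wrote the .changes file. Verify the clearsign signature first (for instance `gpg --verify` against the Debian keyrings), or use `dscverify` from devscripts, which does both the signature check and the digest comparison. A file listed only in Files or Checksums-Sha1 is reported as `no-sha256` rather than accepted on the strength of MD5 or SHA-1 alone.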