CVE-2024-25641 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2024-25641 Interim 1 7 2025-02-16T01:34:07Z current 2024-05-14T23:11:57Z 2025-02-16T01:34:07Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2024-25641 Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RAIZKHB2VPK6KRYTE3TU44EJVFAT4WWP/ E-Mail link for openSUSE-SU-2024:0274-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JAAOBG657QTBRHKB55GHL2C7553NKG67/ E-Mail link for openSUSE-SU-2024:0276-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 12 SUSE Package Hub 15 SP5 SUSE Package Hub 15 SP6 openSUSE Leap 15.5 openSUSE Leap 15.6 openSUSE Tumbleweed cacti-1.2.27-1.1 cacti-1.2.27-41.1 cacti-1.2.27-bp155.2.9.1 cacti-1.2.27-bp156.2.3.1 cacti-spine-1.2.27-35.1 cacti-spine-1.2.27-bp155.2.9.1 cacti-spine-1.2.27-bp156.2.3.1 cacti-1.2.27-41.1 as a component of SUSE Package Hub 12 cacti-spine-1.2.27-35.1 as a component of SUSE Package Hub 12 cacti-1.2.27-bp155.2.9.1 as a component of SUSE Package Hub 15 SP5 cacti-spine-1.2.27-bp155.2.9.1 as a component of SUSE Package Hub 15 SP5 cacti-1.2.27-bp156.2.3.1 as a component of SUSE Package Hub 15 SP6 cacti-spine-1.2.27-bp156.2.3.1 as a component of SUSE Package Hub 15 SP6 cacti-1.2.27-bp155.2.9.1 as a component of openSUSE Leap 15.5 cacti-spine-1.2.27-bp155.2.9.1 as a component of openSUSE Leap 15.5 cacti-1.2.27-bp156.2.3.1 as a component of openSUSE Leap 15.6 cacti-spine-1.2.27-bp156.2.3.1 as a component of openSUSE Leap 15.6 cacti-1.2.27-1.1 as a component of openSUSE Tumbleweed Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue. CVE-2024-25641 SUSE Package Hub 12:cacti-1.2.27-41.1 SUSE Package Hub 12:cacti-spine-1.2.27-35.1 SUSE Package Hub 15 SP5:cacti-1.2.27-bp155.2.9.1 SUSE Package Hub 15 SP5:cacti-spine-1.2.27-bp155.2.9.1 SUSE Package Hub 15 SP6:cacti-1.2.27-bp156.2.3.1 SUSE Package Hub 15 SP6:cacti-spine-1.2.27-bp156.2.3.1 openSUSE Leap 15.5:cacti-1.2.27-bp155.2.9.1 openSUSE Leap 15.5:cacti-spine-1.2.27-bp155.2.9.1 openSUSE Leap 15.6:cacti-1.2.27-bp156.2.3.1 openSUSE Leap 15.6:cacti-spine-1.2.27-bp156.2.3.1 openSUSE Tumbleweed:cacti-1.2.27-1.1 critical 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H