SQL Injection in cacti/cacti


Reported on

Nov 13th 2021


SQL Injection vulnerability occurs because the input taken from parameters is not sanitized for SQL Injection statement in user_admin.php

user_admin.php:84 update_policies() function contains sql injection vulnerability

get_nfilter_request_var() function takes get/post parameter without sanitizing, so an attacker is able to inject arbitrary data into SQL query


This vulnerability is capable of injection SQL queries

We are processing your report and will contact the cacti team within 24 hours. 2 years ago
Selim Enes Karaduman modified the report
2 years ago
We have contacted a member of the cacti team and are waiting to hear back 2 years ago
We have sent a follow up to the cacti team. We will try again in 4 days. 2 years ago
2 years ago


@admin is it normal to take that much time for author to response?

Jamie Slome
2 years ago

We have sent two e-mails out to the maintainer and are yet to hear back from them. It might be worth getting in touch with them personally, and sharing the URL for this report with them! 👍

We have sent a second follow up to the cacti team. We will try again in 7 days. 2 years ago
cacti/cacti maintainer validated this vulnerability 2 years ago
enesdex has been awarded the disclosure bounty
The fix bounty is now up for grabs
Jimmy Conner marked this as fixed in 1.2.20 with commit 33b894 2 years ago
Jimmy Conner has been awarded the fix bounty
to join this conversation