CVE-2024-31445

Severity: HIGH

CVSS v3: 8.8 (HIGH)

EPSS Score: 39.5% (exploit probability)

CISA KEV (known exploited): No

Exploitation

SSVC status

Description

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in the `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to perform privilege escalation and remote code execution. In `api_automation.php` line 856, `get_request_var('filter')` is concatenated into the SQL statement without any sanitization. In `api_automation.php` line 717,

Technical Details

CVSS v3 Vector: 3.1

Published: 5/14/2024

Last Modified: 11/4/2025

Frequently Asked Questions

What is CVE-2024-31445?

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in the `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to perform privilege escalation and remote code execution. In `api_automation.php` line 856, `get_request_var('filter')` is concatenated into the SQL statement without any sanitization. In `api_automation.php` line 717,

Is CVE-2024-31445 actively exploited?

Active exploitation of CVE-2024-31445 has not been confirmed. The EPSS score is 39.5%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2024-31445?

CVE-2024-31445 has a CVSS v3 base score of 8.8 (HIGH severity), with vector string 3.1.
