Select Page

Oct 26, 2023

Breaking the Mold: Halting a Hacker’s Code ep. 18 – Cacti Unauthenticated SQL Injection Vulnerability



Cacti, an open-source tool developed by the Cacti team, has long been a trusted resource for network traffic monitoring and analysis. However, as with any software, vulnerabilities can arise. One such vulnerability that demands immediate attention is the Cacti Unauthenticated SQL Injection Vulnerability.


SQL injection is a commonly encountered type of vulnerability that occurs when user input is not properly sanitized, enabling attackers to inject malicious SQL code into an application’s database queries. In the context of Cacti 1.2.24, the vulnerability is related to the ‘graph_view.php’ page, accessible to guest users without authentication by default.

The vulnerability is specifically found in the ‘rfilter’ parameter within the ‘grow_right_pane_tree’ function called from the ‘graph_view.php’ file. This parameter is not properly validated, and an attacker can manipulate it to inject malicious SQL code into the application’s database.

Once exploited, this vulnerability could allow an attacker to seize administrative privileges or execute remote code, resulting in unauthorized control and access to the system.

Affected Version

Cacti version 1.2.24


Official fix: To prevent these attacks, users are recommended to upgrade to version 1.2.25 and version 1.3.0. Please visit:

Implementing the Fix

Upgrade your IPS signature database to version 3.0.175 and your AV signature database to version 2.1.525 to ensure that Hillstone Networks Intrusion Prevention System (NIPS) and Hillstone Breach Detection System (BDS) are equipped to detect and provide protection against this vulnerability.

Figure 1. Hillstone Networks NIPS detects and protects users from this vulnerability
Figure 2. Hillstone Networks BDS detects and protects users from this vulnerability

The hotspot intelligence of this vulnerability is available on Hillstone Networks iSource as well.

Figure 3. The intelligence of this vulnerability on Hillstone Networks iSource