CVE-2026-39893
Cacti · Cacti
A SQL injection vulnerability exists in Cacti versions 1.2.30 and prior, where the rfilter parameter is unsafely concatenated into an RLIKE clause, reachable by unauthenticated users.
Executive summary
An unauthenticated SQL injection vulnerability in Cacti allows remote attackers to execute arbitrary database commands, posing a critical risk of complete database compromise.
Vulnerability
The vulnerability occurs because the rfilter request variable is concatenated directly into a SQL RLIKE clause without sanitization or parameter binding, so the database parses attacker-controlled text as part of the statement. Because the affected page is reachable when guest viewing is enabled, an unauthenticated attacker can manipulate the resulting queries to extract or modify data.
Business impact
The CVSS score of 9.8 reflects the high potential for total database compromise, including the theft of user credentials, system configuration, or monitoring data. This represents a significant risk to the confidentiality and integrity of the entire management framework.
Remediation
Immediate Action: Upgrade Cacti to version 1.2.31 or later to ensure all SQL inputs are properly sanitized and parameterized.
Proactive Monitoring: Review database query logs for unusual patterns or SQL syntax errors that may indicate automated injection attempts.
Compensating Controls: Disable guest access to the Cacti interface if it is not strictly required for business operations to reduce the attack surface.
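To make the mechanism and the fix concrete, the following is an added illustration (not Cacti's own code) that contrasts unsafe concatenation of rfilter into an RLIKE-style clause with the parameterized form the upgrade provides. It uses SQLite's REGEXP operator, backed by a registered regexp() function, as a stand-in for MySQL's RLIKE; the host table and its rows are constructed for the demonstration.

```python
import re
import sqlite3

# Constructed in-memory table standing in for a Cacti table; not Cacti's real schema.
_conn = sqlite3.connect(":memory:")
# SQLite has no regex operator built in; registering regexp() makes "x REGEXP y"
# behave like MySQL's "x RLIKE y" for the purposes of this demonstration.
_conn.create_function("regexp", 2, lambda pat, val: int(val is not None and re.search(pat, val) is not None))
_conn.execute("CREATE TABLE host (id INTEGER PRIMARY KEY, description TEXT)")
_conn.executemany("INSERT INTO host (description) VALUES (?)",
                  [("core-router",), ("edge-switch",), ("db-server",)])


def query_vulnerable(rfilter: str) -> list[str]:
    """The flawed pattern the advisory describes: the request value is spliced
    into the RLIKE/REGEXP clause as SQL text (hypothetical, not Cacti's code)."""
    sql = "SELECT description FROM host WHERE description REGEXP '" + rfilter + "'"
    return [row[0] for row in _conn.execute(sql)]


def query_parameterized(rfilter: str) -> list[str]:
    """Remediated form: the value is bound as a parameter, so the database only
    ever sees it as a regex string, never as part of the SQL statement."""
    sql = "SELECT description FROM host WHERE description REGEXP ?"
    return [row[0] for row in _conn.execute(sql, (rfilter,))]


def compare(rfilter: str) -> dict:
    """Run both forms on the same rfilter value. Returns the matched rows per form,
    or the exception class name when the database rejects the statement."""
    results = {}
    for name, fn in (("vulnerable", query_vulnerable), ("parameterized", query_parameterized)):
        try:
            results[name] = fn(rfilter)
        except sqlite3.Error as exc:
            results[name] = type(exc).__name__
    return results


if __name__ == "__main__":
    # Benign pattern: both forms agree.
    print(compare("^core"))        # {'vulnerable': ['core-router'], 'parameterized': ['core-router']}
    # A value containing a quote: the concatenated form breaks the SQL (a syntax error,
    # the log signal the Proactive Monitoring item recommends watching for), while
    # the parameterized form simply evaluates it as a regex.
    print(compare("it's|switch"))  # {'vulnerable': 'OperationalError', 'parameterized': ['edge-switch']}
```

The syntax errors the concatenated form produces on malformed input are exactly the kind of database log entries the Proactive Monitoring step above suggests reviewing.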
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
SQL injection is a critical vulnerability that must be addressed immediately to prevent data exfiltration. Organizations should apply the vendor-provided patch and audit database activity for any signs of post-compromise manipulation.