CVE-2026-39948
Cacti · Cacti
An SQL injection vulnerability in Cacti allows unauthenticated attackers to execute arbitrary database commands via the rfilter parameter in graph_view.php.
Executive summary
An unauthenticated SQL injection vulnerability in Cacti 1.2.30 and earlier allows remote attackers to run arbitrary SQL against the Cacti database, compromising its confidentiality, integrity, and availability.
Vulnerability
The vulnerability stems from improper validation of the 'rfilter' request parameter in graph_view.php. The value is checked as a regular expression but is then concatenated directly into the SQL query, so an attacker can supply a string that passes the regex check yet still carries SQL of its own. The parameter is reachable without credentials on installations where guest graph viewing is enabled, which is what makes the issue exploitable by unauthenticated attackers.
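The flaw described above, illustrated with an added example that is not Cacti's code: a hypothetical graph filter that validates 'rfilter' as a regular expression and then concatenates it into the query, beside the same filter using a bound parameter. The table names, sample rows, the payload and the use of SQLite's REGEXP as a stand-in for MySQL's RLIKE are all assumptions made for illustration.

```python
import re
import sqlite3

# Constructed sample rows standing in for a Cacti-style schema (assumption, not Cacti's tables).
GRAPHS = [(1, "web-01-cpu"), (2, "web-02-cpu"), (3, "db-01-load")]
USERS = [(1, "admin", "s3cr3t-hash")]

# A value that compiles as a regular expression yet contains SQL (constructed payload).
PAYLOAD = "' UNION SELECT id, password FROM users -- "


def open_db() -> sqlite3.Connection:
    """In-memory SQLite stand-in for MySQL; REGEXP is registered to mimic RLIKE."""
    conn = sqlite3.connect(":memory:")
    # SQLite parses 'x REGEXP y' but has no regexp() function unless one is registered.
    # The callback receives (pattern, value), which is SQLite's calling convention.
    conn.create_function("regexp", 2, lambda pattern, value: re.search(pattern, value) is not None)
    conn.execute("CREATE TABLE graphs (id INTEGER, name TEXT)")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO graphs VALUES (?, ?)", GRAPHS)
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def is_valid_regex(value: str) -> bool:
    """Hypothetical regex validation: it only proves the value compiles, not that it is harmless as SQL."""
    try:
        re.compile(value)
    except re.error:
        return False
    return True


def filter_graphs_vulnerable(conn: sqlite3.Connection, rfilter: str) -> list:
    """Flawed pattern: validate as a regex, then concatenate the raw value into the query."""
    if not is_valid_regex(rfilter):
        raise ValueError("rfilter is not a valid regular expression")
    sql = "SELECT id, name FROM graphs WHERE name REGEXP '" + rfilter + "'"
    return conn.execute(sql).fetchall()


def filter_graphs_safe(conn: sqlite3.Connection, rfilter: str) -> list:
    """Hardened form: same validation, but the value is bound as a parameter and cannot alter the query."""
    if not is_valid_regex(rfilter):
        raise ValueError("rfilter is not a valid regular expression")
    return conn.execute("SELECT id, name FROM graphs WHERE name REGEXP ?", (rfilter,)).fetchall()


if __name__ == "__main__":
    db = open_db()
    print("passes regex validation:", is_valid_regex(PAYLOAD))
    print("vulnerable query:", filter_graphs_vulnerable(db, PAYLOAD))  # graph rows plus the users' password column
    print("parameterised query:", filter_graphs_safe(db, PAYLOAD))    # []
```

The point of the example is that the regex check is not the control: it accepts the payload, and only the bound parameter keeps it out of the query. A legitimate filter such as `^web-` returns the same rows through both functions, so the hardened form loses no functionality.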
Business impact
With a CVSS score of 9.3, this flaw is critical. A successful exploit lets an attacker read sensitive database contents (including the user accounts and device configuration Cacti stores there), modify records, or disrupt service, leading to data loss or a foothold in the monitoring infrastructure.
Remediation
Immediate Action: Upgrade the Cacti installation to version 1.2.31 or later.
Proactive Monitoring: Review web server access logs for requests to graph_view.php whose 'rfilter' value contains quotes, SQL comment sequences, or SQL keywords, and review database logs for unexpected or malformed 'RLIKE' clauses.
Compensating Controls: Until the upgrade is applied, disable guest graph viewing, which removes the unauthenticated path to the parameter, and deploy a Web Application Firewall (WAF) rule that blocks SQL injection patterns in the 'rfilter' parameter. A WAF reduces exposure but does not fix the underlying query construction.
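As an added example (not part of the original advisory or of Cacti's own tooling), the log review above can be scripted. The scanner below parses Apache combined-format access log lines, decodes the 'rfilter' query parameter and flags values carrying SQL injection indicators. The log lines are constructed for illustration, and the indicator list is an assumption; it is the same set of patterns a WAF rule for the parameter would match on.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed Apache combined-format access log lines (not from a real deployment).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2026:08:01:12 +0000] "GET /cacti/graph_view.php?action=list&rfilter=%5Eweb- HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2026:08:02:44 +0000] "GET /cacti/graph_view.php?action=list&rfilter=%27+UNION+SELECT+id%2Cpassword+FROM+users--+ HTTP/1.1" 200 8840 "-" "python-requests/2.31"
203.0.113.9 - - [10/Mar/2026:08:02:51 +0000] "GET /cacti/graph_view.php?action=list&rfilter=%27+OR+SLEEP%285%29--+ HTTP/1.1" 200 5120 "-" "python-requests/2.31"
198.51.100.2 - - [10/Mar/2026:08:03:10 +0000] "GET /cacti/graph_view.php?action=preview&rfilter=cpu%7Cload HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Mar/2026:08:03:20 +0000] "GET /cacti/index.php HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
"""

# Fields of the combined log format that matter here: client IP, timestamp and request target.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Indicators of SQL smuggled inside a value that is supposed to be a regular expression.
# Regex metacharacters such as ^ | ( ) are deliberately not flagged: legitimate filters use them.
INDICATORS = {
    "quote": re.compile(r"""['"]"""),
    "sql_comment": re.compile(r"--|/\*|#"),
    "sql_keyword": re.compile(
        r"\b(union|select|insert|update|delete|sleep|benchmark|load_file|information_schema)\b", re.I
    ),
    "statement_separator": re.compile(r";"),
}


def suspicious_reasons(value: str) -> list:
    """Return the names of every indicator matched by a decoded rfilter value."""
    return [name for name, rx in INDICATORS.items() if rx.search(value)]


def rfilter_from_target(target: str):
    """Extract and percent-decode the rfilter query parameter, or None if absent."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    values = params.get("rfilter")
    return values[0] if values else None


def scan_log(text: str) -> list:
    """Parse access log lines and report requests whose rfilter value looks like SQL injection."""
    findings = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        value = rfilter_from_target(m.group("target"))
        if value is None:
            continue
        reasons = suspicious_reasons(value)
        if reasons:
            findings.append({
                "ip": m.group("ip"),
                "timestamp": m.group("ts"),
                "path": urlsplit(m.group("target")).path,
                "rfilter": value,
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f'{hit["timestamp"]} {hit["ip"]} {hit["path"]} rfilter={hit["rfilter"]!r} -> {", ".join(hit["reasons"])}')
```

Run it against the real access log with `scan_log(open(path).read())`. Because the parameter is decoded before matching, encoded payloads such as `%27` and `--+` are caught; the benign filters `^web-` and `cpu|load` in the sample produce no finding, which is the behaviour a WAF rule built from the same indicator set should preserve so that ordinary graph searches are not blocked.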
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
The severity of this SQL injection vulnerability warrants an immediate upgrade to version 1.2.31 or later. Organizations should treat it as a high-priority remediation to prevent unauthorized access to the Cacti database and preserve the integrity of the monitoring platform.