CVE-2026-39955
Cacti · Cacti
The Cacti performance management framework is vulnerable to a pre-authentication SQL injection via an improperly validated input parameter in graph_view.php.
Executive summary
A critical unauthenticated SQL injection vulnerability in Cacti allows remote attackers to run arbitrary queries against the Cacti database without logging in, which can lead to full compromise of the monitoring system.
Vulnerability
graph_view.php validates an input parameter with PHP's FILTER_VALIDATE_REGEXP filter, but the check does not adequately constrain the value before it is used to build a database query. Because the endpoint is reachable before authentication, an unauthenticated attacker can supply a value that passes the regex and injects SQL directly into the query structure.
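The bug class described above, as an added illustration that is not Cacti's graph_view.php code: a parameter "validated" with FILTER_VALIDATE_REGEXP using a pattern that does not actually constrain the value (here, an unanchored regex, chosen as an assumed example of an inadequate pattern), then interpolated into SQL, beside a hardened version. The parameter name, the regex, the table schema and the in-memory SQLite database are all constructed for the example; Cacti's real pattern and schema are not shown on this page.

```php
<?php
// Added example of the vulnerability class, not Cacti's own code.
// Assumptions: a single "graph_id" request parameter, a toy "graph" table,
// and PDO with the SQLite driver for an offline, self-contained run.
declare(strict_types=1);

// Constructed in-memory stand-in for the application's graph table.
function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE graph (id INTEGER PRIMARY KEY, title TEXT, owner TEXT)');
    $db->exec("INSERT INTO graph VALUES (1,'CPU','alice'),(2,'Memory','alice'),(3,'Uplink','bob')");
    return $db;
}

// VULNERABLE PATTERN (hypothetical): the regex is unanchored, so it only requires
// that a digit appear somewhere in the value. "1 OR 1=1" passes and is then
// interpolated into the SQL string, so the attacker controls the query structure.
function vulnerable_lookup(PDO $db, string $graph_id): array {
    $checked = filter_var($graph_id, FILTER_VALIDATE_REGEXP,
        ['options' => ['regexp' => '/[0-9]+/']]);
    if ($checked === false) {
        throw new InvalidArgumentException('rejected by filter');
    }
    $sql = "SELECT id, title FROM graph WHERE id = $checked";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// HARDENED: anchored allowlist (digits only, bounded length), canonicalised to an
// integer, and a prepared statement with a bound parameter so the value can never
// alter the query text even if the regex were wrong.
function hardened_lookup(PDO $db, string $graph_id): array {
    $checked = filter_var($graph_id, FILTER_VALIDATE_REGEXP,
        ['options' => ['regexp' => '/^[0-9]{1,10}$/']]);
    if ($checked === false) {
        throw new InvalidArgumentException('rejected by filter');
    }
    $stmt = $db->prepare('SELECT id, title FROM graph WHERE id = :id');
    $stmt->execute([':id' => (int)$checked]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db      = make_db();
$payload = '1 OR 1=1';   // constructed injection input

$rows = vulnerable_lookup($db, $payload);
printf("vulnerable: %d row(s) returned for %s\n", count($rows), var_export($payload, true));

try {
    hardened_lookup($db, $payload);
} catch (InvalidArgumentException $e) {
    echo "hardened: payload rejected before any query ran\n";
}
printf("hardened: %d row(s) returned for '1'\n", count(hardened_lookup($db, '1')));
```

Run with `php example.php`. The unanchored regex lets the tautology through and the interpolated query returns every row in the table rather than the one requested; the anchored regex rejects the same input before a query is built, and even a valid id only ever reaches the database as a bound integer. The fix that matters is the prepared statement: input validation alone is one regex mistake away from the vulnerable case.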
Business impact
This vulnerability carries a CVSS score of 9.8, reflecting the high potential for data exfiltration, database modification, or complete administrative takeover of the Cacti installation. Because Cacti is a monitoring platform, the exposed database also gives an attacker a map of the monitored environment: the impact includes loss of data integrity and unauthorized access to sensitive performance monitoring metrics.
Remediation
Immediate Action: Upgrade Cacti to version 1.2.31 or later, which carries the corrected input validation for graph_view.php. This is the only complete fix.
Proactive Monitoring: Review database query logs (for example the MySQL general or slow query log) for suspicious patterns or unexpected syntax in queries originating from the Cacti web user, such as tautologies, UNION SELECT, comment terminators or time-delay functions, which indicate SQL injection attempts.
Compensating Controls: Until the upgrade is complete, deploy a Web Application Firewall (WAF) with current rulesets to detect and block common SQL injection payloads against the graph_view.php endpoint, and restrict network access to the Cacti web interface where possible. A WAF reduces exposure but does not remove the vulnerability.
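As an added example for the monitoring recommendation (not Cacti code, and not part of the original advisory), a small scanner for MySQL general-query-log records that flags the syntax an injection attempt would leave behind. The log lines are constructed for the example, and the indicator patterns are a starting point that will need tuning against the real query mix of a given installation.

```php
<?php
// Added example: scan MySQL general query log lines for SQL injection indicators.
// Constructed sample data; the log line layout follows the MySQL general log
// file format (timestamp, thread id, command type, argument).
declare(strict_types=1);

// Indicator patterns. Tautology uses a backreference so "OR 1=1" and "OR 'a'='a'"
// match while an ordinary "AND x = 2" predicate does not.
const SUSPICIOUS = [
    'tautology'     => '/\b(?:OR|AND)\s+(\d+|[\'"][^\'"]*[\'"])\s*=\s*\1/i',
    'union_select'  => '/\bUNION\s+(?:ALL\s+)?SELECT\b/i',
    'comment_trunc' => '/--|\/\*/',          // noisy on hint comments; tune per site
    'time_based'    => '/\b(?:SLEEP|BENCHMARK)\s*\(/i',
    'schema_probe'  => '/\binformation_schema\b/i',
    'stacked'       => '/;\s*(?:SELECT|INSERT|UPDATE|DELETE|DROP)\b/i',
];

// Returns one finding per Query record that matches at least one indicator.
function scan_general_log(string $log): array {
    $findings = [];
    foreach (preg_split('/\R/', trim($log)) as $n => $line) {
        // Only "Query" records carry SQL; Connect/Quit lines are skipped.
        if (!preg_match('/^(\S+)\s+(\d+)\s+Query\s+(.*)$/', $line, $m)) {
            continue;
        }
        [, $ts, $thread, $sql] = $m;
        $hits = [];
        foreach (SUSPICIOUS as $name => $re) {
            if (preg_match($re, $sql)) {
                $hits[] = $name;
            }
        }
        if ($hits) {
            $findings[] = [
                'line'       => $n + 1,
                'time'       => $ts,
                'thread'     => (int)$thread,
                'indicators' => $hits,
                'sql'        => $sql,
            ];
        }
    }
    return $findings;
}

// Constructed sample log: one benign query followed by four injection-shaped ones.
$sample = <<<'LOG'
2026-04-01T12:00:01.000000Z	   41 Query	SELECT id, title FROM graph WHERE id = 17
2026-04-01T12:00:02.000000Z	   41 Query	SELECT id, title FROM graph WHERE id = 17 OR 1=1
2026-04-01T12:00:03.000000Z	   42 Query	SELECT id, title FROM graph WHERE id = 0 UNION SELECT username, password FROM users --
2026-04-01T12:00:04.000000Z	   43 Query	SELECT id FROM graph WHERE id = 1 AND SLEEP(5)
2026-04-01T12:00:05.000000Z	   44 Query	SELECT table_name FROM information_schema.tables LIMIT 1
LOG;

foreach (scan_general_log($sample) as $f) {
    printf("line %d thread %d [%s]: %s\n",
        $f['line'], $f['thread'], implode(',', $f['indicators']), $f['sql']);
}
```

Point the script at a real general log (enable it temporarily; it is expensive) or at the slow query log, and treat a hit on the Cacti database user as a trigger to pull the matching web server access log entries for graph_view.php. Matching is by SQL shape, so it will also catch injection through any other endpoint, but it will not see attempts the WAF blocked before they reached the database.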
Exploitation status
Public Exploit Available: No
Analyst recommendation
Given that this vulnerability requires no authentication and gives the attacker control over the database, immediate patching is required. Organizations should treat this as a high-priority remediation task and, until the upgrade is applied, limit who can reach the Cacti web interface, to protect their monitoring infrastructure from unauthorized access.