CVE-2025-26520: Cacti through 1.2.29 allows SQL injection in the template function in ...

Severity: Critical

CVSS Score: 9.8

Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146.