Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cacti cacti 1.2.25 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-39361
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an ena...
Cacti Cacti 1.2.24
Fedoraproject Fedora 37
Fedoraproject Fedora 38
8.8
CVSSv3
CVE-2023-51448
Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `‘managers.php’`. An authenticated attacker with the “Settings/Utili...
Cacti Cacti 1.2.25
1 Github repository
8.8
CVSSv3
CVE-2023-49085
Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the `pollers.php` script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the `pol...
Cacti Cacti
1 Metasploit module
8.8
CVSSv3
CVE-2023-49084
Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitatio...
Cacti Cacti 1.2.25
1 Metasploit module
8.8
CVSSv3
CVE-2023-39358
Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability exists which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the `reports_user.php` file....
Cacti Cacti
Fedoraproject Fedora 37
Fedoraproject Fedora 38
8.8
CVSSv3
CVE-2023-39357
Cacti is an open source operational monitoring and fault management framework. A defect in the sql_save function exists. When the column type is numeric, the sql_save function directly utilizes user input. Many files and functions calling the sql_save function do not perform prio...
Cacti Cacti 1.2.24
Fedoraproject Fedora 37
Fedoraproject Fedora 38
8.8
CVSSv3
CVE-2023-39359
Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability exists which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the `graphs.php` file. When ...
Cacti Cacti
Fedoraproject Fedora 37
Fedoraproject Fedora 38
7.8
CVSSv3
CVE-2023-31132
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a privilege escalation vulnerability. A low-privileged OS user with access to a Windows host where Cacti is installed can create arbitrary PHP files in a web document d...
Cacti Cacti
7.2
CVSSv3
CVE-2023-39362
Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user, can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution...
Cacti Cacti
Fedoraproject Fedora 37
Fedoraproject Fedora 38
2 Github repositories
6.5
CVSSv3
CVE-2023-46490
SQL Injection vulnerability in Cacti v1.2.25 allows a remote malicious user to obtain sensitive information via the form_actions() function in the managers.php function.
Cacti Cacti 1.2.25
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »