Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cacti vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-25706
A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field
Cacti Cacti 1.2.13
Debian Debian Linux 10.0
6.5
CVSSv2
CVE-2020-14295
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.
Cacti Cacti 1.2.12
Fedoraproject Fedora 31
Fedoraproject Fedora 32
3 Github repositories
4
CVSSv2
CVE-2020-13230
In Cacti prior to 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs).
Cacti Cacti
Debian Debian Linux 9.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
4.3
CVSSv2
CVE-2020-13231
In Cacti prior to 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.
Cacti Cacti
Fedoraproject Fedora 31
Fedoraproject Fedora 32
9.3
CVSSv2
CVE-2020-8813
graph_realtime.php in Cacti 1.2.8 allows remote malicious users to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
Cacti Cacti 1.2.8
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Opmantek Open-audit 3.3.1
Opensuse Suse Package Hub
Debian Debian Linux 10.0
2 EDB exploits
5 Github repositories
4
CVSSv2
CVE-2019-17357
Cacti up to and including 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to ex...
Cacti Cacti
9
CVSSv2
CVE-2020-7237
Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify t...
Cacti Cacti 1.2.8
4.3
CVSSv2
CVE-2020-7106
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displa...
Cacti Cacti
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Suse Package Hub -
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Extra Packages For Enterprise Linux 9.0
Fedoraproject Extra Packages For Enterprise Linux 7.0
6.5
CVSSv2
CVE-2020-7058
data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. NOTE: the vendor has stated "This is a false alarm.
Cacti Cacti 1.2.8
5.5
CVSSv2
CVE-2019-17358
Cacti up to and including 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cau...
Cacti Cacti
Debian Debian Linux 8.0
Opensuse Leap 42.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »