Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cacti vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-49085
Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the `pollers.php` script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the `pol...
Cacti Cacti
1 Metasploit module
NA
CVE-2023-49088
Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious da...
Cacti Cacti
NA
CVE-2023-37543
Cacti prior to 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723.
Cacti Cacti
3.5
CVSSv2
CVE-2018-20723
A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti prior to 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.
Cacti Cacti
3.5
CVSSv2
CVE-2018-20726
A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti prior to 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.
Cacti Cacti
3.5
CVSSv2
CVE-2017-12978
lib/html.php in Cacti prior to 1.1.18 has XSS via the title field of an external link added by an authenticated user.
Cacti Cacti
4
CVSSv2
CVE-2019-16723
In Cacti up to and including 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.
Cacti Cacti
3.5
CVSSv2
CVE-2017-12066
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti prior to 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists beca...
Cacti Cacti
6.5
CVSSv2
CVE-2015-8604
SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and previous versions allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action.
Cacti Cacti
7.5
CVSSv2
CVE-2015-8369
SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and previous versions allows remote malicious users to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php.
Cacti Cacti
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924
CVE-2024-3400
overflow
CVE-2024-23528
CVE-2024-21338
CVE-2024-3818
CVE-2024-23535
NULL pointer dereference
elevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »