Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cacti cacti vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2007-6035
SQL injection vulnerability in graph.php in Cacti prior to 0.8.7a allows remote malicious users to execute arbitrary SQL commands via the local_graph_id parameter.
Cacti Cacti
NA
CVE-2023-37543
Cacti prior to 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723.
Cacti Cacti
NA
CVE-2023-31132
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a privilege escalation vulnerability. A low-privileged OS user with access to a Windows host where Cacti is installed can create arbitrary PHP files in a web document d...
Cacti Cacti
7.5
CVSSv2
CVE-2017-12065
spikekill.php in Cacti prior to 1.1.16 might allow remote malicious users to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter.
Cacti Cacti
6.5
CVSSv2
CVE-2016-3172
SQL injection vulnerability in tree.php in Cacti 0.8.8g and previous versions allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action.
Cacti Cacti
6.5
CVSSv2
CVE-2016-10700
auth_login.php in Cacti prior to 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an in...
Cacti Cacti
7.5
CVSSv2
CVE-2015-8369
SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and previous versions allows remote malicious users to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php.
Cacti Cacti
3.5
CVSSv2
CVE-2018-10059
Cacti prior to 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name.
Cacti Cacti
3.5
CVSSv2
CVE-2018-20723
A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti prior to 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.
Cacti Cacti
3.5
CVSSv2
CVE-2018-20724
A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti prior to 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.
Cacti Cacti
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460
CVE-2024-4646
CVE-2024-29212
IMAP
CVE-2023-36672
CVE-2024-34547
command injection
CVE-2024-4651
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »