Vulmon
cacti vulnerabilities and exploits
3.5
CVSSv2
CVE-2017-12978
lib/html.php in Cacti prior to 1.1.18 has XSS via the title field of an external link added by an authenticated user.
Cacti Cacti
NA
CVE-2022-46169
Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a...
Cacti Cacti
1 Metasploit module
42 Github repositories
NA
CVE-2023-37543
Cacti prior to 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723.
Cacti Cacti
6.5
CVSSv2
CVE-2016-3659
SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter.
Cacti Cacti
4
CVSSv2
CVE-2019-16723
In Cacti up to and including 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.
Cacti Cacti
6.5
CVSSv2
CVE-2015-8604
SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and previous versions allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action.
Cacti Cacti
6.5
CVSSv2
CVE-2015-0916
SQL injection vulnerability in graph.php in Cacti prior to 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CVE-2007-6035.
Cacti Cacti
3.5
CVSSv2
CVE-2021-3816
Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via "Copy" method at user_group_admin.php.
Cacti Cacti 1.1.38
3.5
CVSSv2
CVE-2017-11691
Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote malicious users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.
Cacti Cacti 1.1.13
NA
CVE-2023-46490
SQL Injection vulnerability in Cacti v1.2.25 allows a remote malicious user to obtain sensitive information via the form_actions() function in the managers.php function.
Cacti Cacti 1.2.25