cacti vulnerabilities and exploits
4.3
CVSSv3
CVE-2019-16723
In Cacti up to and including 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.
Cacti Cacti
4.8
CVSSv3
CVE-2018-20723
A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti prior to 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.
Cacti Cacti
4.8
CVSSv3
CVE-2018-20724
A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti prior to 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.
Cacti Cacti
4.8
CVSSv3
CVE-2018-20725
A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti prior to 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.
Cacti Cacti
5.4
CVSSv3
CVE-2018-20726
A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti prior to 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.
Cacti Cacti
NA
CVE-2015-8369
SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and previous versions allows remote malicious users to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php.
Cacti Cacti
8.8
CVSSv3
CVE-2014-4000
Cacti prior to 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).
Cacti Cacti
6.5
CVSSv3
CVE-2023-46490
SQL Injection vulnerability in Cacti v1.2.25 allows a remote malicious user to obtain sensitive information via the form_actions() function in the managers.php function.
Cacti Cacti 1.2.25
6.1
CVSSv3
CVE-2022-41444
Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted POST request to graphs_new.php.
Cacti Cacti 1.2.21
8.8
CVSSv3
CVE-2023-51448
Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `managers.php`. An authenticated attacker with the “Settings/Utili...
Cacti Cacti 1.2.25
1 Github repository