Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cacti vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2017-15194
include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page.
Cacti Cacti 1.1.25
8.8
CVSSv3
CVE-2023-51448
Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `‘managers.php’`. An authenticated attacker with the “Settings/Utili...
Cacti Cacti 1.2.25
1 Github repository
8.8
CVSSv3
CVE-2017-1000031
SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote malicious users to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters.
Cacti Cacti 0.8.8b
6.1
CVSSv3
CVE-2017-1000032
Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote malicious users to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php.
Cacti Cacti 0.8.8b
6.1
CVSSv3
CVE-2017-12927
A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php.
Cacti Cacti 1.1.17
5.4
CVSSv3
CVE-2021-3816
Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via "Copy" method at user_group_admin.php.
Cacti Cacti 1.1.38
5.3
CVSSv3
CVE-2022-48538
In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password.
Cacti Cacti 1.2.19
6.1
CVSSv3
CVE-2022-41444
Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted POST request to graphs_new.php.
Cacti Cacti 1.2.21
6.1
CVSSv3
CVE-2021-26247
As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter.
Cacti Cacti 0.8.7g
7.2
CVSSv3
CVE-2017-16641
lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.
Cacti Cacti 1.1.27
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »