Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cacti cacti vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2016-3172
SQL injection vulnerability in tree.php in Cacti 0.8.8g and previous versions allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action.
Cacti Cacti
4.8
CVSSv3
CVE-2018-20723
A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti prior to 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.
Cacti Cacti
4.8
CVSSv3
CVE-2018-20725
A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti prior to 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.
Cacti Cacti
8.8
CVSSv3
CVE-2016-3659
SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter.
Cacti Cacti
5.4
CVSSv3
CVE-2018-10059
Cacti prior to 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name.
Cacti Cacti
6.1
CVSSv3
CVE-2020-14424
Cacti prior to 1.2.18 allows remote malicious users to trigger XSS via template import for the midwinter theme.
Cacti Cacti
9.8
CVSSv3
CVE-2017-12065
spikekill.php in Cacti prior to 1.1.16 might allow remote malicious users to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter.
Cacti Cacti
5.4
CVSSv3
CVE-2017-12066
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti prior to 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists beca...
Cacti Cacti
7.5
CVSSv3
CVE-2023-37543
Cacti prior to 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723.
Cacti Cacti
8.8
CVSSv3
CVE-2014-4000
Cacti prior to 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).
Cacti Cacti
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »