VulnerableCode Package Details - pkg:deb/debian/cacti@1.1.27%2Bds1-3?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-q88b-smmh-77ga	Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.	CVE-2017-16660
VCID-qbvv-frc2-rqbk	lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.	CVE-2017-16641
VCID-x1fg-6mq4-d7ds	Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd.	CVE-2017-16661
VCID-yjny-ubdp-7few	Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.	CVE-2017-16785

Vulnerability

Summary

Aliases

VCID-q88b-smmh-77ga

Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.

CVE-2017-16660

VCID-qbvv-frc2-rqbk

lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.

CVE-2017-16641

VCID-x1fg-6mq4-d7ds

Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd.

CVE-2017-16661

VCID-yjny-ubdp-7few

Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.

CVE-2017-16785

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:24:11.891182+00:00	Debian Importer	Fixing	VCID-yjny-ubdp-7few	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T13:01:38.370327+00:00	Debian Importer	Fixing	VCID-q88b-smmh-77ga	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:45:21.809829+00:00	Debian Importer	Fixing	VCID-x1fg-6mq4-d7ds	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:34:12.668334+00:00	Debian Importer	Fixing	VCID-qbvv-frc2-rqbk	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:14:39.375440+00:00	Debian Importer	Fixing	VCID-yjny-ubdp-7few	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:57:12.929148+00:00	Debian Importer	Fixing	VCID-q88b-smmh-77ga	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:16:29.281524+00:00	Debian Importer	Fixing	VCID-x1fg-6mq4-d7ds	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:08:22.624067+00:00	Debian Importer	Fixing	VCID-qbvv-frc2-rqbk	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:18:24.166475+00:00	Debian Importer	Fixing	VCID-yjny-ubdp-7few	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:17:02.958776+00:00	Debian Importer	Fixing	VCID-q88b-smmh-77ga	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:09:19.310198+00:00	Debian Importer	Fixing	VCID-x1fg-6mq4-d7ds	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:08:37.454509+00:00	Debian Importer	Fixing	VCID-qbvv-frc2-rqbk	https://security-tracker.debian.org/tracker/data/json	38.1.0