Search for packages
| purl | pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3 |
| Next non-vulnerable version | 1.2.30+ds1-1 |
| Latest non-vulnerable version | 1.2.30+ds1-1 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3y7d-ujep-4ydm
Aliases: CVE-2024-34340 |
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` use `password_hash` if there is it, else use `md5`. When verifying password, it calls `compat_password_verify`. In `compat_password_verify`, `password_verify` is called if there is it, else use `md5`. `password_verify` and `password_hash` are supported on PHP < 5.5.0, following PHP manual. The vulnerability is in `compat_password_verify`. Md5-hashed user input is compared with correct password in database by `$md5 == $hash`. It is a loose comparison, not `===`. It is a type juggling vulnerability. Version 1.2.27 contains a patch for the issue. |
Affected by 3 other vulnerabilities. |
|
VCID-44fx-4w2y-y3dy
Aliases: CVE-2024-31458 |
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement in `draw_nontemplated_fields_graph_item()` function from `lib/html_form_templates.php` , finally resulting in SQL injection. Version 1.2.27 contains a patch for the issue. |
Affected by 3 other vulnerabilities. |
|
VCID-4e5y-1s19-r7g7
Aliases: CVE-2025-66399 |
Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters (including newlines) that are accepted, stored verbatim in the database, and later embedded into backend SNMP operations. In environments where downstream SNMP tooling or wrappers interpret newline-separated tokens as command boundaries, this can lead to unintended command execution with the privileges of the Cacti process. This vulnerability is fixed in 1.2.29. |
Affected by 0 other vulnerabilities. |
|
VCID-4twv-1yys-eban
Aliases: CVE-2025-22604 |
Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. This vulnerability is fixed in 1.2.29. |
Affected by 3 other vulnerabilities. |
|
VCID-6t6n-ws5n-wkay
Aliases: CVE-2024-31443 |
Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in `form_save()` function in `data_queries.php` is not thoroughly checked and is used to concatenate the HTML statement in `grow_right_pane_tree()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue. |
Affected by 3 other vulnerabilities. |
|
VCID-6ze5-dqdn-ykg3
Aliases: CVE-2024-45598 |
Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in Configuration->Settings->Paths tab to a local file inside the server. Then simply going to Logs tab and selecting the name of the local file will show its content on the web UI. This vulnerability is fixed in 1.2.29. |
Affected by 3 other vulnerabilities. |
|
VCID-7m68-seeq-tuae
Aliases: CVE-2025-24368 |
Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in build_rule_item_filter() function from lib/api_automation.php, resulting in SQL injection. This vulnerability is fixed in 1.2.29. |
Affected by 3 other vulnerabilities. |
|
VCID-85gc-u991-z3dw
Aliases: CVE-2024-25641 |
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue. |
Affected by 3 other vulnerabilities. |
|
VCID-be57-gxmc-vqd4
Aliases: CVE-2024-43362 |
Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php` . Morever, the said fileurl is placed in some html code which is passed to the `print` function in `link.php` and `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `fileurl` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this issue. |
Affected by 3 other vulnerabilities. |
|
VCID-cqr3-wwhj-tyck
Aliases: CVE-2022-48538 |
In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password. |
Affected by 3 other vulnerabilities. |
|
VCID-fhtp-y9a5-vqgj
Aliases: CVE-2024-31445 |
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. In `api_automation.php` line 856, the `get_request_var('filter')` is being concatenated into the SQL statement without any sanitization. In `api_automation.php` line 717, The filter of `'filter'` is `FILTER_DEFAULT`, which means there is no filter for it. Version 1.2.27 contains a patch for the issue. |
Affected by 3 other vulnerabilities. |
|
VCID-hj89-pnag-3fer
Aliases: CVE-2024-43363 |
Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. There are no known workarounds for this vulnerability. |
Affected by 3 other vulnerabilities. |
|
VCID-jkca-shmj-mbbu
Aliases: CVE-2024-31459 |
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue with the `api_plugin_hook()` function in the `lib/plugin.php` file, which reads the plugin_hooks and plugin_config tables in database. The read data is directly used to concatenate the file path which is used for file inclusion. Version 1.2.27 contains a patch for the issue. |
Affected by 3 other vulnerabilities. |
|
VCID-k7kv-za2s-dud5
Aliases: CVE-2024-31460 |
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in `create_all_header_nodes()` function from `lib/api_automation.php` , finally resulting in SQL injection. Using SQL based secondary injection technology, attackers can modify the contents of the Cacti database, and based on the modified content, it may be possible to achieve further impact, such as arbitrary file reading, and even remote code execution through arbitrary file writing. Version 1.2.27 contains a patch for the issue. |
Affected by 3 other vulnerabilities. |
|
VCID-khhn-9sja-sfgr
Aliases: CVE-2025-24367 |
Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29. |
Affected by 3 other vulnerabilities. |
|
VCID-mebp-4rfu-vqcq
Aliases: CVE-2024-47875 GHSA-gx9m-whjm-85jf |
DOMpurify has a nesting-based mXSS DOMpurify was vulnerable to nesting-based mXSS fixed by [0ef5e537](https://github.com/cure53/DOMPurify/tree/0ef5e537a514f904b6aa1d7ad9e749e365d7185f) (2.x) and [merge 943](https://github.com/cure53/DOMPurify/pull/943) Backporter should be aware of GHSA-mmhx-hmjr-r674 (CVE-2024-45801) when cherry-picking POC is avaible under [test](https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098) |
Affected by 3 other vulnerabilities. |
|
VCID-pxqa-nkv3-jqfs
Aliases: CVE-2023-30534 |
Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
Affected by 0 other vulnerabilities. |
|
VCID-qnz1-w7bb-97ee
Aliases: CVE-2022-41444 |
Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted POST request to graphs_new.php. |
Affected by 3 other vulnerabilities. |
|
VCID-s8du-gzj2-gkc1
Aliases: CVE-2024-43364 |
Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php . Morever, the said title parameter is stored in the database and reflected back to user in index.php, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `title` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability. |
Affected by 3 other vulnerabilities. |
|
VCID-sx2t-uzae-2fh9
Aliases: CVE-2024-54145 |
Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29. |
Affected by 3 other vulnerabilities. |
|
VCID-vbs9-gben-9kgc
Aliases: CVE-2024-48910 GHSA-p3vf-v8qc-cwcr |
DOMPurify vulnerable to tampering by prototype polution dompurify was vulnerable to prototype pollution Fixed by https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc |
Affected by 3 other vulnerabilities. |
|
VCID-xdbp-7rtr-fyb7
Aliases: CVE-2024-43365 |
Cacti is an open source performance and fault management framework. The`consolenewsection` parameter is not properly sanitized when saving external links in links.php . Morever, the said consolenewsection parameter is stored in the database and reflected back to user in `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the “consolenewsection” parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability. |
Affected by 3 other vulnerabilities. |
|
VCID-xkkm-ss3p-1udc
Aliases: CVE-2023-46490 |
SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function. |
Affected by 0 other vulnerabilities. |
|
VCID-y683-kz6e-afhv
Aliases: CVE-2024-31444 |
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules_form_save()` function in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the HTML statement in `form_confirm()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue. |
Affected by 3 other vulnerabilities. |
|
VCID-zxu5-equ9-1kam
Aliases: CVE-2025-45160 |
A HTML injection vulnerability exists in the file upload functionality of Cacti <= 1.2.29. When a file with an invalid format is uploaded, the application reflects the submitted filename back into an error popup without proper sanitization. As a result, attackers can inject arbitrary HTML elements (e.g., <h1>, <b>, <svg>) into the rendered page. NOTE: Multiple third-parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27. |
Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-34z4-1zqk-afcm | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2023-39515
|
| VCID-3tqy-g42y-9fef | A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field |
CVE-2020-25706
|
| VCID-5ykb-6nvx-k3e4 | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2023-39362
|
| VCID-8nbc-ethb-6kcn | Multiple vulnerabilities have been found in Cacti, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2019-17358
|
| VCID-9swv-zvke-ubet | Multiple vulnerabilities have been found in Cacti, the worst of which could result in the arbitrary execution of code. |
CVE-2020-8813
|
| VCID-a8j1-24bw-gudu | security update |
CVE-2023-39364
|
| VCID-akj7-kh8f-97ct | security update |
CVE-2023-49088
|
| VCID-ay5a-nkmf-5yar | security update |
CVE-2023-49086
|
| VCID-c2b8-ss11-9yhq | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2023-39360
|
| VCID-cre7-1uhc-bka2 | Multiple vulnerabilities have been found in Cacti, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2019-16723
|
| VCID-cxs3-zh36-m7en | Multiple vulnerabilities have been found in Cacti, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2020-7106
|
| VCID-d7db-n89n-qyd8 | security update |
CVE-2023-49084
|
| VCID-e48s-dv1e-4fgn | In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change. |
CVE-2020-13231
|
| VCID-fwp2-z586-ebbq | Multiple vulnerabilities have been found in Cacti, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2019-17357
|
| VCID-h3qa-svy4-1fcr | security update |
CVE-2023-49085
|
| VCID-huf2-qwju-6bf2 | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2023-39365
|
| VCID-k6z6-4pb4-tbeu | Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php. |
CVE-2020-23226
|
| VCID-pau5-hfbv-nucp | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2023-39513
|
| VCID-qvkt-vk55-4bbx | A vulnerability in Cacti could lead to remote code execution. |
CVE-2020-35701
|
| VCID-rftg-byj2-jkh9 | Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723. |
CVE-2023-37543
|
| VCID-sb43-hapb-1uf2 | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2023-39357
|
| VCID-ses2-y1j2-vbbx | Multiple vulnerabilities have been found in Cacti, the worst of which could result in the arbitrary execution of code. |
CVE-2020-14295
|
| VCID-uj1s-uuyx-mya5 | Multiple vulnerabilities have been found in Cacti, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2020-7237
|
| VCID-vsjt-qjyw-hbfs | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2023-39359
|
| VCID-wrxa-2us4-vkf9 | In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs). |
CVE-2020-13230
|
| VCID-ws4h-295a-9qgx | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2023-39516
|
| VCID-xbb2-av4z-m3dp | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2022-46169
|
| VCID-xpvn-y3b8-skgb | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2022-0730
|
| VCID-ypan-57sx-vyam | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2023-39361
|