| purl | pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie |
| Next non-vulnerable version | 1.2.16+ds1-2+deb11u4 |
| Latest non-vulnerable version | 1.2.30+ds1-2 |
| Risk | 3.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-4e5y-1s19-r7g7 (Aliases: CVE-2025-66399) | Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters (including newlines) that are accepted, stored verbatim in the database, and later embedded into backend SNMP operations. In environments where downstream SNMP tooling or wrappers interpret newline-separated tokens as command boundaries, this can lead to unintended command execution with the privileges of the Cacti process. This vulnerability is fixed in 1.2.29. | Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-cqr3-wwhj-tyck (Aliases: CVE-2022-48538) | In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password. | Affected by 0 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-pxqa-nkv3-jqfs (Aliases: CVE-2023-30534) | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. | Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-xkkm-ss3p-1udc (Aliases: CVE-2023-46490) | SQL injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in managers.php. | Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-zxu5-equ9-1kam (Aliases: CVE-2025-45160) | An HTML injection vulnerability exists in the file upload functionality of Cacti <= 1.2.29. When a file with an invalid format is uploaded, the application reflects the submitted filename back into an error popup without proper sanitization. As a result, attackers can inject arbitrary HTML elements (e.g., `<h1>`, `<b>`, `<svg>`) into the rendered page. NOTE: Multiple third parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27. | Affected by 0 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-17s1-2cfu-nfbg | graph_image.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_start or (2) graph_end parameter, different vectors than CVE-2007-3113. | CVE-2007-3112 |
| VCID-1ff1-vhuj-hkdc | Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via the "Copy" method at user_group_admin.php. | CVE-2021-3816 |
| VCID-1v2t-kcm2-efad | SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters. | CVE-2017-1000031 |
| VCID-29q9-twke-2bdx | A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label. | CVE-2018-20725 |
| VCID-2wj2-hvma-mqcz | Multiple vulnerabilities have been found in Cacti, the worst of which could lead to the remote execution of arbitrary code. | CVE-2015-8377 |
| VCID-2z9e-eg1f-bqg5 | Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php. | CVE-2018-10060 |
| VCID-34z4-1zqk-afcm | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. | CVE-2023-39515 |
| VCID-3rsg-kswx-73bj | Multiple vulnerabilities have been found in Cacti, the worst of which could lead to arbitrary code execution. | CVE-2015-2967 |
| VCID-3tqy-g42y-9fef | A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to improper escaping of the error message during template import preview in the xml_path field. | CVE-2020-25706 |
| VCID-3x9k-en7a-nkht | Multiple vulnerabilities have been found in Cacti, the worst of which could lead to the remote execution of arbitrary code. | CVE-2016-3659 |
| VCID-3y7d-ujep-4ydm | Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` uses `password_hash` if it is available, otherwise `md5`. When verifying a password, it calls `compat_password_verify`. In `compat_password_verify`, `password_verify` is called if it is available, otherwise `md5` is used. According to the PHP manual, `password_verify` and `password_hash` are supported on PHP < 5.5.0. The vulnerability is in `compat_password_verify`: the MD5-hashed user input is compared with the correct password in the database by `$md5 == $hash`. This is a loose comparison, not `===`, so it is a type juggling vulnerability. Version 1.2.27 contains a patch for the issue. | CVE-2024-34340 |
| VCID-44fx-4w2y-y3dy | Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in the `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement in the `draw_nontemplated_fields_graph_item()` function from `lib/html_form_templates.php`, finally resulting in SQL injection. Version 1.2.27 contains a patch for the issue. | CVE-2024-31458 |
| VCID-45r8-13j6-yqf9 | Cacti is vulnerable to several SQL injection, authentication bypass and file inclusion vulnerabilities. | CVE-2005-1526 |
| VCID-4twv-1yys-eban | Cacti is an open source performance and fault management framework. Due to a flaw in the multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. This vulnerability is fixed in 1.2.29. | CVE-2025-22604 |
| VCID-4ytj-s8hh-6bd5 | SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h allows remote attackers to execute arbitrary SQL commands via the login_username parameter. | CVE-2011-4824 |
| VCID-5ccj-b3a9-67g2 | Multiple vulnerabilities have been discovered in the ADOdb layer included in Cacti, potentially resulting in the execution of arbitrary code. | CVE-2006-0806 |
| VCID-5dm9-jpwc-gkeu | Multiple vulnerabilities have been found in Cacti, allowing attackers to execute arbitrary code or perform XSS attacks. | CVE-2010-1645 |
| VCID-5ykb-6nvx-k3e4 | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. | CVE-2023-39362 |
| VCID-64zc-tzat-fuhu | graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode. | CVE-2002-1477 |
| VCID-6dxh-qpg7-q7g8 | Multiple vulnerabilities have been found in Cacti, allowing attackers to execute arbitrary code or perform XSS attacks. | CVE-2010-2544 |
| VCID-6n31-d4xy-d3fj | A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php. | CVE-2017-12927 |
| VCID-6t6n-ws5n-wkay | Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in the `form_save()` function in `data_queries.php` is not thoroughly checked and is used to concatenate the HTML statement in the `grow_right_pane_tree()` function from `lib/html.php`, finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue. | CVE-2024-31443 |
| VCID-6ze5-dqdn-ykg3 | Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in the Configuration->Settings->Paths tab to a local file inside the server. Then simply going to the Logs tab and selecting the name of the local file will show its content on the web UI. This vulnerability is fixed in 1.2.29. | CVE-2024-45598 |
| VCID-77tn-swar-87ec | several | CVE-2013-5588 |
| VCID-7dp4-9zks-mbgd | Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used). | CVE-2018-10061 |
| VCID-7fvn-b8hn-dqeh | Multiple vulnerabilities have been found in Cacti, the worst of which could lead to the remote execution of arbitrary code. | CVE-2016-3172 |
| VCID-7m68-seeq-tuae | Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in the build_rule_item_filter() function from lib/api_automation.php, resulting in SQL injection. This vulnerability is fixed in 1.2.29. | CVE-2025-24368 |
| VCID-7mht-4urq-13ek | security update | CVE-2015-2665 |
| VCID-7p95-t48a-hkdb | Multiple vulnerabilities were discovered in Cacti. | CVE-2008-0784 |
| VCID-85gc-u991-z3dw | Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined in the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue. | CVE-2024-25641 |
| VCID-86gq-jsgy-8uep | Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field during creation of a new user via the "Copy" method at user_admin.php. | CVE-2021-23225 |
| VCID-88mp-1anp-m3g5 | Multiple vulnerabilities have been found in Cacti, allowing attackers to execute arbitrary code or perform XSS attacks. | CVE-2010-2545 |
| VCID-89pf-69jk-syfk | A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors. | CVE-2018-20724 |
| VCID-8j9j-nau8-a7cd | Multiple vulnerabilities have been found in Cacti, the worst of which could lead to arbitrary code execution. | CVE-2014-2708 |
| VCID-8max-2avj-hkdt | Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `managers.php`. An authenticated attacker with the "Settings/Utilities" permission can send a crafted HTTP GET request to the endpoint `/cacti/managers.php` with an SQLi payload in the `selected_graphs_array` HTTP GET parameter. As of time of publication, no patched versions exist. | CVE-2023-51448 |
| VCID-8nbc-ethb-6kcn | Multiple vulnerabilities have been found in Cacti, the worst of which could lead to the remote execution of arbitrary code. | CVE-2019-17358 |
| VCID-8pnc-kuf5-jqda | Multiple vulnerabilities have been found in Cacti, the worst of which could lead to the remote execution of arbitrary code. | CVE-2015-8369 |
| VCID-9fdf-h49c-5qcj | Multiple vulnerabilities have been found in Cacti, the worst of which could lead to the remote execution of arbitrary code. | CVE-2016-2313 |
| VCID-9hqq-k4ax-77d8 | Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode. | CVE-2002-1478 |
| VCID-9snd-k1cz-gyb5 | include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page. | CVE-2017-15194 |
| VCID-9swv-zvke-ubet | Multiple vulnerabilities have been found in Cacti, the worst of which could result in the arbitrary execution of code. | CVE-2020-8813 |
| VCID-9vce-mkth-v3gn | Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists because of an incomplete fix (lack of the htmlspecialchars ENT_QUOTES flag) for CVE-2017-11163. | CVE-2017-12066 |
| VCID-9x72-e9wx-mqf4 | Multiple vulnerabilities have been discovered in the ADOdb layer included in Cacti, potentially resulting in the execution of arbitrary code. | CVE-2006-0146 |
| VCID-a1a1-zuaj-mqaa | Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 are vulnerable to stored cross-site scripting, a type of cross-site scripting where malicious scripts are permanently stored on a target server and served to users who access a particular page. Version 1.2.27 contains a patch for the issue. | CVE-2024-27082 |
| VCID-a4qr-bw5v-t3hx | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. | CVE-2023-31132 |
| VCID-a8j1-24bw-gudu | security update | CVE-2023-39364 |
| VCID-aajr-s1n1-4ybu | Multiple vulnerabilities have been found in Cacti, the worst of which could lead to the remote execution of arbitrary code. | CVE-2017-12065 |
| VCID-afss-mcgj-7bce | Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. | CVE-2017-11691 |
| VCID-akj7-kh8f-97ct | security update | CVE-2023-49088 |
| VCID-ante-y18a-yyg7 | security update | CVE-2015-4454 |
| VCID-atbu-eegm-3ufy | Multiple vulnerabilities have been found in Cacti, the worst of which could lead to arbitrary code execution. | CVE-2014-2326 |
| VCID-ay5a-nkmf-5yar | security update | CVE-2023-49086 |
| VCID-b8nc-qman-zkcd | Multiple vulnerabilities have been found in Cacti, the worst of which could lead to the remote execution of arbitrary code. | CVE-2014-5261 |
| VCID-be57-gxmc-vqd4 | Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php`. Moreover, the said fileurl is placed in some HTML code which is passed to the `print` function in `link.php` and `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `fileurl` parameter in the HTTP POST request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this issue. | CVE-2024-43362 |
| VCID-bj2d-v5dw-ykc7 | Cacti: Privilege escalation under certain conditions | CVE-2009-4112 |
| VCID-bwzz-1txv-3kam | Cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and the drp_action parameter to data_sources.php. | CVE-2017-1000032 |
| VCID-bzm7-peh5-nqba | Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary commands on the server when the `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php` line 119, the `$poller_id` used as part of the command execution is sourced from `$_SERVER['argv']`, which can be controlled by URL when the `register_argc_argv` option of PHP is `On`. And this option is `On` by default in many environments such as the main PHP Docker image for PHP. Commit 53e8014d1f082034e0646edc6286cde3800c683d contains a patch for the issue, but this commit was reverted in commit 99633903cad0de5ace636249de16f77e57a3c8fc. | CVE-2024-29895 |
| VCID-c2b8-ss11-9yhq | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. | CVE-2023-39360 |
| VCID-c4w5-q88d-z3hg | Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name. | CVE-2018-10059 |
| VCID-cpkb-6zw3-rffv | With special configurations of Cacti it is possible to change passwords via a SQL injection attack. | CVE-2004-1737 |
| VCID-cre7-1uhc-bka2 | Multiple vulnerabilities have been found in Cacti, the worst of which could lead to the remote execution of arbitrary code. | CVE-2019-16723 |
| VCID-cv9v-rynk-m7eb | Multiple vulnerabilities have been found in Cacti, allowing attackers to execute arbitrary code or perform XSS attacks. | CVE-2013-1435 |
| VCID-cww1-muhf-z7aj | Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in the URL, which causes the get_request_var function to return the wrong value in the $_REQUEST variable, which is cleansed while the original malicious $_GET value remains unmodified, as demonstrated in (1) graph_image.php and (2) graph.php. | CVE-2005-2148 |
| VCID-cxs3-zh36-m7en | Multiple vulnerabilities have been found in Cacti, the worst of which could lead to the remote execution of arbitrary code. | CVE-2020-7106 |
| VCID-d7db-n89n-qyd8 | security update | CVE-2023-49084 |
| VCID-d7t8-6cty-sqde | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. | CVE-2023-39358 |
| VCID-dbsu-au7h-xbcv | Multiple vulnerabilities have been found in Cacti, the worst of which could lead to arbitrary code execution. | CVE-2014-5025 |
| VCID-dcnt-ev6f-tydd | Multiple vulnerabilities have been found in Cacti, the worst of which could lead to the remote execution of arbitrary code. | CVE-2015-8604 |
| VCID-ddq2-myvr-wfgz | Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti before 0.8.7i allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | CVE-2011-5223 |
| VCID-djgb-xu1j-53fb | Multiple vulnerabilities have been found in Cacti, the worst of which could lead to arbitrary code execution. | CVE-2014-4002 |
| VCID-du4b-tbxt-mqfr | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a stored cross-site scripting (XSS) vulnerability that allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The `data_sources.php` script displays the data source management information (e.g. data source path, polling configuration etc.) for different data visualizations of the _cacti_ app. CENSUS found that an adversary that is able to configure a malicious Device name can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output. | CVE-2023-39366 |
| VCID-dup5-9qdp-5udn | Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146. | CVE-2025-26520 |
| VCID-dycc-rydh-kycy | Multiple vulnerabilities have been found in Cacti, allowing attackers to execute arbitrary code or perform XSS attacks. | CVE-2010-2092 |
| VCID-e48s-dv1e-4fgn | In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change. | CVE-2020-13231 |
| VCID-eer6-7vj2-3ycx | Cacti is vulnerable to several SQL injection, authentication bypass and file inclusion vulnerabilities. | CVE-2005-1525 |
| VCID-fhtp-y9a5-vqgj | Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in the `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. In `api_automation.php` line 856, the `get_request_var('filter')` is being concatenated into the SQL statement without any sanitization. In `api_automation.php` line 717, the filter of `'filter'` is `FILTER_DEFAULT`, which means there is no filter for it. Version 1.2.27 contains a patch for the issue. | CVE-2024-31445 |
| VCID-fq36-1r9h-aff2 | several | CVE-2013-5589 |
| VCID-fwp2-z586-ebbq | Multiple vulnerabilities have been found in Cacti, the worst of which could lead to the remote execution of arbitrary code. | CVE-2019-17357 |
| VCID-gdfw-gryt-8qhg | Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php. | CVE-2017-10970 |
| VCID-gds4-k19q-ryf6 | Multiple vulnerabilities were discovered in Cacti. | CVE-2008-0785 |
| VCID-h3qa-svy4-1fcr | security update | CVE-2023-49085 |
| VCID-h6vp-37u4-b7f3 | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. | CVE-2023-39510 |
| VCID-hb4z-bmkm-akee | auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-2313. | CVE-2016-10700 |
| VCID-hdjk-szxs-5bdu | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. | CVE-2020-14424 |
| VCID-he8q-5n8u-27dv | Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute commands on the underlying operating system with the privileges of the web server process, potentially compromising system integrity. | CVE-2005-10004 |
| VCID-hj89-pnag-3fer | Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing PHP code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a PHP file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file URL to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | CVE-2024-43363 |
| VCID-huf2-qwju-6bf2 | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. | CVE-2023-39365 |
| VCID-hwep-pw4e-efh5 | security update | CVE-2015-4342 |
| VCID-jg8r-f76d-rke1 | cacti: Multiple cross-site scripting flaws | CVE-2009-4032 |
| VCID-jkca-shmj-mbbu | Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue with the `api_plugin_hook()` function in the `lib/plugin.php` file, which reads the plugin_hooks and plugin_config tables in the database. The read data is directly used to concatenate the file path which is used for file inclusion. Version 1.2.27 contains a patch for the issue. | CVE-2024-31459 |
| VCID-jmv3-vh81-zfdq | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. | CVE-2022-48547 |
| VCID-k6z6-4pb4-tbeu | Multiple Cross Site Scripting (XSS) vulnerabilities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php. | CVE-2020-23226 |
| VCID-k7kv-za2s-dud5 | Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in the `create_all_header_nodes()` function from `lib/api_automation.php`, finally resulting in SQL injection. Using SQL-based secondary injection technology, attackers can modify the contents of the Cacti database, and based on the modified content, it may be possible to achieve further impact, such as arbitrary file reading, and even remote code execution through arbitrary file writing. Version 1.2.27 contains a patch for the issue. | CVE-2024-31460 |
| VCID-khhn-9sja-sfgr | Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29. | CVE-2025-24367 |
| VCID-kjcg-xe2b-akap | Multiple vulnerabilities have been discovered in the ADOdb layer included in Cacti, potentially resulting in the execution of arbitrary code. | CVE-2006-0147 |
| VCID-kkn3-ars7-gkbk | A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color. | CVE-2018-20723 |
| VCID-m6nf-2ppj-4fhg | Multiple vulnerabilities have been found in Cacti, allowing attackers to execute arbitrary code or perform XSS attacks. | CVE-2010-2543 |
| VCID-mebp-4rfu-vqcq | DOMPurify has a nesting-based mXSS. DOMPurify was vulnerable to nesting-based mXSS, fixed by [0ef5e537](https://github.com/cure53/DOMPurify/tree/0ef5e537a514f904b6aa1d7ad9e749e365d7185f) (2.x) and [merge 943](https://github.com/cure53/DOMPurify/pull/943). Backporters should be aware of GHSA-mmhx-hmjr-r674 (CVE-2024-45801) when cherry-picking. A PoC is available under [test](https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098). | CVE-2024-47875, GHSA-gx9m-whjm-85jf |
| VCID-mwbm-aphc-akgu | Cacti is an open source operational monitoring and fault management framework. A reflected cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_import.php`. When uploading an XML template file, if the XML file does not pass the check, the server will give a JavaScript pop-up prompt, which contains the unfiltered XML template file name, resulting in XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. As of time of publication, no patched versions are available. | CVE-2023-50250 |
| VCID-myxu-h49e-77f1 | In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used. | CVE-2013-7464 |
| VCID-nbfc-ex1y-37he | A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices. | CVE-2018-20726 |
| VCID-p2u2-5yuu-jydy | As an unauthenticated remote user, visit `http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>` to successfully execute the JavaScript payload present in the "ref" URL parameter. | CVE-2021-26247 |
| VCID-p74d-rbz3-sbb3 | An SQL injection vulnerability has been discovered in Cacti. | CVE-2007-6035 |
| VCID-pau5-hfbv-nucp | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. | CVE-2023-39513 |
| VCID-pf3g-22dc-5yc5 | Cacti 0.8.5a allows remote attackers to gain sensitive information via an HTTP request to (1) auth.php, (2) auth_login.php, (3) auth_changepassword.php, and possibly other PHP files, which reveal the installation path in a PHP error message. | CVE-2004-1736 |
| VCID-pwrm-brmn-j7cc | Multiple vulnerabilities have been found in Cacti, the worst of which could lead to arbitrary code execution. | CVE-2014-2328 |
| VCID-q88b-smmh-77ga | Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header. | CVE-2017-16660 |
| VCID-qbvv-frc2-rqbk | lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php. | CVE-2017-16641 |
| VCID-qfjt-2g9r-nucs | config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks. | CVE-2005-2149 |
| VCID-qncj-2u1d-7bgu | In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS. | CVE-2019-11025 |
| VCID-qnz1-w7bb-97ee | Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted POST request to graphs_new.php. | CVE-2022-41444 |
| VCID-qvkt-vk55-4bbx | A vulnerability in Cacti could lead to remote code execution. | CVE-2020-35701 |
| VCID-rftg-byj2-jkh9 | Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723. | CVE-2023-37543 |
| VCID-rrpb-xhca-dkcf | Multiple vulnerabilities have been found in Cacti, the worst of which could lead to arbitrary code execution. | CVE-2014-2327 |
| VCID-s8du-gzj2-gkc1 | Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in `links.php`. Moreover, the said title parameter is stored in the database and reflected back to the user in index.php, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `title` parameter in the HTTP POST request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability. | CVE-2024-43364 |
| VCID-sb43-hapb-1uf2 | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. | CVE-2023-39357 |
| VCID-scas-pk48-tyc4 | Multiple vulnerabilities were discovered in Cacti. | CVE-2008-0783 |
| VCID-sdme-n5ez-67fw | cacti: SQL injection vulnerability (BONSAI-2010-0104) | CVE-2010-1431 |
| VCID-ses2-y1j2-vbbx | Multiple vulnerabilities have been found in Cacti, the worst of which could result in the arbitrary execution of code. | CVE-2020-14295 |
| VCID-sx2t-uzae-2fh9 | Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29. | CVE-2024-54145 |
| VCID-t9my-r77a-w7ga | Multiple vulnerabilities were discovered in Cacti. | CVE-2008-0786 |
| VCID-tsfy-6cbv-r7hf | security update | CVE-2015-4634 |
| VCID-tu9w-kh79-9kc8 | Multiple vulnerabilities have been found in Cacti, allowing attackers to execute arbitrary code or perform XSS attacks. | CVE-2013-1434 |
| VCID-tucb-znqr-k7fy | Cacti is vulnerable to several SQL injection, authentication bypass and file inclusion vulnerabilities. | CVE-2005-1524 |
| VCID-u478-39pb-tkay | lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user. | CVE-2017-12978 |
| VCID-uj1s-uuyx-mya5 | Multiple vulnerabilities have been found in Cacti, the worst of which could lead to the remote execution of arbitrary code. | CVE-2020-7237 |
| VCID-vbs9-gben-9kgc | DOMPurify vulnerable to tampering by prototype pollution. DOMPurify was vulnerable to prototype pollution. Fixed by https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc | CVE-2024-48910, GHSA-p3vf-v8qc-cwcr |
| VCID-vsjt-qjyw-hbfs | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. | CVE-2023-39359 |
| VCID-vvsg-5pu2-wkcx | Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges. | |
CVE-2002-1479
|
| VCID-w11p-1pr3-7ybp | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2023-39511
|
| VCID-w1vc-ugdq-aygx | Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. |
CVE-2017-11163
|
| VCID-w7pb-rt12-y3gs | Multiple vulnerabilities have been found in Cacti, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2014-5262
|
| VCID-wrxa-2us4-vkf9 | In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs). |
CVE-2020-13230
|
| VCID-ws4h-295a-9qgx | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2023-39516
|
| VCID-x1fg-6mq4-d7ds | Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd. |
CVE-2017-16661
|
| VCID-xbb2-av4z-m3dp | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2022-46169
|
| VCID-xdbp-7rtr-fyb7 | Cacti is an open source performance and fault management framework. The`consolenewsection` parameter is not properly sanitized when saving external links in links.php . Morever, the said consolenewsection parameter is stored in the database and reflected back to user in `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the “consolenewsection” parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability. |
CVE-2024-43365
|
| VCID-xpvn-y3b8-skgb | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2022-0730
|
| VCID-xxvt-pw21-v7dk | Cacti has three vulnerabilities that could allow shell command execution or SQL injection. |
CVE-2006-6799
|
| VCID-y4py-r1dd-9bcu | Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. `raise_message_javascript` from `lib/functions.php` now uses purify.js to fix CVE-2023-50250 (among others). However, it still generates the code out of unescaped PHP variables `$title` and `$header`. If those variables contain single quotes, they can be used to inject JavaScript code. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. Version 1.2.27 fixes this issue. |
CVE-2024-29894
|
| VCID-y683-kz6e-afhv | Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules_form_save()` function in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the HTML statement in `form_confirm()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue. |
CVE-2024-31444
|
| VCID-y6jw-jm1g-ubgx | Multiple vulnerabilities have been found in Cacti, allowing attackers to execute arbitrary code or perform XSS attacks. |
CVE-2010-1644
|
| VCID-ya95-dsw9-pfhw | Multiple vulnerabilities have been found in Cacti, the worst of which could lead to arbitrary code execution. |
CVE-2014-5026
|
| VCID-ybx7-gpq4-33ha | Multiple vulnerabilities have been found in Cacti, the worst of which could lead to arbitrary code execution. |
CVE-2014-2709
|
| VCID-ye6u-vkxs-w7fz | Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the template function of host_templates.php using the graph_template parameter. This vulnerability is fixed in 1.2.29. |
CVE-2024-54146
|
| VCID-yjny-ubdp-7few | Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. |
CVE-2017-16785
|
| VCID-yp44-k5kc-kqbd | Cacti provides an operational monitoring and fault management framework. A reflected cross-site scripting vulnerability on the 1.3.x DEV branch allows attackers to obtain cookies of administrator and other users and fake their login using obtained cookies. This issue is fixed in commit a38b9046e9772612fda847b46308f9391a49891e. |
CVE-2024-30268
|
| VCID-ypan-57sx-vyam | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2023-39361
|
| VCID-yqvt-gasb-t3bq | Multiple vulnerabilities have been discovered in the ADOdb layer included in Cacti, potentially resulting in the execution of arbitrary code. |
CVE-2006-0410
|
| VCID-z2hd-9r1a-x7gr | Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_height or (2) graph_width parameter, different vectors than CVE-2007-3112. |
CVE-2007-3113
|
| VCID-zf92-pzgz-dfg7 | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2023-39512
|
| VCID-zjgu-8ns1-rbhr | SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CVE-2007-6035. |
CVE-2015-0916
|
| VCID-znew-xktt-p7hy | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2023-39514
|
| VCID-zwne-uyfj-5bf8 | Multiple vulnerabilities have been found in Cacti, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2014-4000
|