Package details: pkg:deb/debian/cacti@1.2.28%2Bds1-4?distro=trixie
purl pkg:deb/debian/cacti@1.2.28%2Bds1-4?distro=trixie
Vulnerabilities affecting this package (0)
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (6)
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-4twv-1yys-eban | Cacti is an open source performance and fault management framework. Due to a flaw in the multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. This vulnerability is fixed in 1.2.29. | CVE-2025-22604 |
| VCID-6ze5-dqdn-ykg3 | Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in the Configuration->Settings->Paths tab to a local file inside the server. Then simply going to the Logs tab and selecting the name of the local file will show its content on the web UI. This vulnerability is fixed in 1.2.29. | CVE-2024-45598 |
| VCID-7m68-seeq-tuae | Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in the build_rule_item_filter() function from lib/api_automation.php, resulting in SQL injection. This vulnerability is fixed in 1.2.29. | CVE-2025-24368 |
| VCID-khhn-9sja-sfgr | Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29. | CVE-2025-24367 |
| VCID-sx2t-uzae-2fh9 | Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29. | CVE-2024-54145 |
| VCID-ye6u-vkxs-w7fz | Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the template function of host_templates.php using the graph_template parameter. This vulnerability is fixed in 1.2.29. | CVE-2024-54146 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T12:50:17.749090+00:00 | Debian Importer | Fixing | VCID-7m68-seeq-tuae | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T11:14:33.750864+00:00 | Debian Importer | Fixing | VCID-4twv-1yys-eban | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T10:48:25.648569+00:00 | Debian Importer | Fixing | VCID-ye6u-vkxs-w7fz | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T10:29:06.610213+00:00 | Debian Importer | Fixing | VCID-khhn-9sja-sfgr | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T09:58:35.328196+00:00 | Debian Importer | Fixing | VCID-sx2t-uzae-2fh9 | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T09:50:52.329464+00:00 | Debian Importer | Fixing | VCID-6ze5-dqdn-ykg3 | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-13T08:48:36.312931+00:00 | Debian Importer | Fixing | VCID-7m68-seeq-tuae | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-13T07:38:43.587358+00:00 | Debian Importer | Fixing | VCID-4twv-1yys-eban | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-13T07:18:50.854034+00:00 | Debian Importer | Fixing | VCID-ye6u-vkxs-w7fz | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-13T07:04:33.934188+00:00 | Debian Importer | Fixing | VCID-khhn-9sja-sfgr | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-13T06:41:00.827447+00:00 | Debian Importer | Fixing | VCID-sx2t-uzae-2fh9 | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-13T06:35:00.077884+00:00 | Debian Importer | Fixing | VCID-6ze5-dqdn-ykg3 | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-02T17:16:16.715261+00:00 | Debian Importer | Fixing | VCID-7m68-seeq-tuae | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-02T17:10:50.681451+00:00 | Debian Importer | Fixing | VCID-4twv-1yys-eban | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-02T17:09:31.809212+00:00 | Debian Importer | Fixing | VCID-ye6u-vkxs-w7fz | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-02T17:08:19.258318+00:00 | Debian Importer | Fixing | VCID-khhn-9sja-sfgr | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-02T17:06:38.167695+00:00 | Debian Importer | Fixing | VCID-sx2t-uzae-2fh9 | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-02T17:06:07.209122+00:00 | Debian Importer | Fixing | VCID-6ze5-dqdn-ykg3 | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |