8.7 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
68.4%
Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).
forums.cacti.net/viewtopic.php?f=4&t=56794
security-tracker.debian.org/tracker/CVE-2014-4000
security.gentoo.org/glsa/201711-10
www.cacti.net/release_notes_1_0_0.php