Lucene search
K

5 matches found

OSV
OSV
added 2026/06/24 11:16 p.m.4 views

DEBIAN-CVE-2026-39948

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv rather than gfrv with FILTERVALIDATEISREGEX validation and concatenated directly into RLIKE SQL clauses in lib/htmlgraph.php and...

9.8CVSS5.9AI score0.00456EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 11:16 p.m.2 views

DEBIAN-CVE-2026-39955

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTERVALIDATEREGEXP in graphview.php. This issue has been fixed in version 1.2.31...

9.8CVSS5.9AI score0.00315EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 11:16 p.m.3 views

UBUNTU-CVE-2026-39955

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTERVALIDATEREGEXP in graphview.php. This issue has been fixed in version 1.2.31...

9.8CVSS5.8AI score0.00315EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 10:49 p.m.18 views

CVE-2026-39955 Cacti has Pre-Authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTERVALIDATEREGEXP in graphview.php. This issue has been fixed in version 1.2.31...

9.8CVSS0.00315EPSS
Exploits0References2
OSV
OSV
added 2025/08/30 2:15 p.m.4 views

UBUNTU-CVE-2005-10004

Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graphview.php script. An authenticated user can inject arbitrary shell commands via the graphstart GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute...

8.7CVSS6.2AI score0.01781EPSS
Exploits1References8
Rows per page
Query Builder