2 matches found
PT-2024-12: SQL Injection in Cacti
The vulnerability was identified in Cacti version 1.2.25 and below. It allows to execute arbitrary SQL code. The vulnerability can be exploited by an authorized user using the vulnerable component pollers.php. Vulnerability status: Confirmed by vendor Date of vulnerability detection: 22.12.2023...
PT-2023-30050 · Cacti +2 · Cacti +2
Name of the Vulnerable Software and Affected Versions: Cacti version 1.2.25 Description: The issue allows a remote attacker to obtain sensitive information via the form actions function in the managers.php file. Recommendations: For Cacti version 1.2.25, consider disabling the form actions functi...