8 matches found
CVE-2026-39948 Cacti has SQL Injection via rfilter parameter in RLIKE clauses
Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv rather than gfrv with FILTERVALIDATEISREGEX validation and concatenated directly into RLIKE SQL clauses in lib/htmlgraph.php and...
EUVD-2019-7272
Malware in sbrugna...
SUSE CVE-2019-16723
In Cacti through 1.2.6, authenticated users may bypass authorization checks for viewing a graph via a direct graphjson.php request with a modified localgraphid parameter...
CVE-2019-16723
In Cacti through 1.2.6, authenticated users may bypass authorization checks for viewing a graph via a direct graphjson.php request with a modified localgraphid parameter...
The vulnerability of the local_graph_id function in the Cacti server monitoring system allows unauthorized access by bypassing authentication using a user-controlled key. This enables attackers to gain access to confidential data.
The vulnerability of the localgraphid function in the Cacti server monitoring system is related to an authentication check error for viewing graphs. Exploiting this vulnerability could allow a malicious actor to gain access to confidential data...
UBUNTU-CVE-2019-16723
In Cacti through 1.2.6, authenticated users may bypass authorization checks for viewing a graph via a direct graphjson.php request with a modified localgraphid parameter...
CVE-2019-16723
In Cacti through 1.2.6, authenticated users may bypass authorization checks for viewing a graph via a direct graphjson.php request with a modified localgraphid parameter...
cacti -- Authenticated users may bypass authorization checks
The cacti developers reports: In Cacti through 1.2.6, authenticated users may bypass authorization checks for viewing a graph via a direct graphjson.php request with a modified localgraphid parameter...