16 matches found
CVE-2024-12535
The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to read configuration settings and predefin...
CVE-2024-12535
The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to read configuration settings and predefin...
CVE-2024-12535 Host PHP Info <= 1.0.4 - Missing Authorization to Unauthenticated Sensitive Information Disclosure
The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to read configuration settings and predefin...
PT-2025-1888 · WordPress · Host Php Info
Name of the Vulnerable Software and Affected Versions: Host PHP Info plugin for WordPress versions up to, and including, 1.0.4 Description: The issue allows unauthorized access to data due to a missing capability check when including the phpinfo function. This makes it possible for unauthenticate...
WordPress Host PHP Info plugin <= 1.0.4 - Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability
Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Host PHP Info versions <= 1.0.4...
DEBIAN-CVE-2023-39360
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) vulnerability that allows an authenticated user to poison data. The vulnerability is found in graphsnew.php. Several validations are performed, but the...
PT-2023-4992 · Cacti +1 · Cacti +1
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.25 Description: Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) vulnerability that allows an authenticated user to...
SUSE CVE-2013-5589
SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter...
SUSE CVE-2017-16785
Cacti 1.1.27 has reflected XSS via the PATHINFO to host.php...
SUSE CVE-2018-20726
A cross-site scripting (XSS) vulnerability exists in host.php via tree.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices...
DEBIAN-CVE-2018-20726
A cross-site scripting (XSS) vulnerability exists in host.php via tree.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices...
Cacti cross-site scripting vulnerability (CNVD-2017-36486)
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool uses snmpget to collect data, draws graphs with RRDtool for analysis, and provides data and user management features. A cross-site scripting vulnerability exists in Cacti version 1.1.27...
UBUNTU-CVE-2017-16785
Cacti 1.1.27 has reflected XSS via the PATHINFO to host.php...
CVE-2013-5589
SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter...
DEBIAN-CVE-2010-1644
Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) hostname or (2) description parameter to host.php, or (3) the hostid paramet...
No title provided
Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) hostname or (2) description parameter to host.php, or (3) the hostid paramet...