5 matches found
CVE-2023-30534
Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. While a viable gadget chain exists in Cacti’s vendor directory phpseclib, the necessary gadgets are not included, making them inaccessible an...
CVE-2023-30534
Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. While a viable gadget chain exists in Cacti’s vendor directory phpseclib, the necessary gadgets are not included, making them inaccessible an...
cacti -- multiple vulnerabilities
The Cacti Group, Inc. reports: Changelog bug:0002652: CVE-2015-8604: SQL injection in graphsnew.php bug:0002655: CVE-2015-8377: SQL injection vulnerability in the hostnewgraphssave function in graphsnew.php bug:0002656: Authentication using web authentication as a user not in the cacti database...
Cacti host_new_graphs_save function SQL injection vulnerability
Cacti is a rotating database RRD tool. In Cacti 0.8.8f and earlier versions, a sql injection vulnerability exists in the function hostnewgraphssave within graphsnew.php. An attacker can exploit this vulnerability to execute arbitrary sql commands...
DEBIAN-CVE-2015-8377
SQL injection vulnerability in the hostnewgraphssave function in graphsnew.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selectedgraphsarray parameter in a save action...