20 matches found
Advisory ROSA-SA-2024-2535
software: cacti 1.2.25; AXIS: ROSA-CHROME; packageevrstring: cacti-1.2.25-2; CVE-ID: CVE-2023-46490; BDU-ID: None; CVE-Crit: MEDIUM; CVE-DESC.: A SQL injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the formactions function in managers.php. CVE-STATU...
Amazon Linux AMI : cacti (ALAS-2024-1915)
The version of cacti installed on the remote host is prior to 1.1.19-6.24. It is, therefore, affected by a vulnerability as referenced in the ALAS-2024-1915 advisory. Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerabili...
SQL Injection
Cacti is vulnerable to SQL Injection. The vulnerability is due to improper sanitization and validation in the formactions function in managers.php. This issue can be exploited by an attacker to obtain sensitive information via SQL Injection...
SQL Injection (SQLi)
cacti:sid is vulnerable to SQL Injection (SQLi). The vulnerability is due to the SNMP Notification Receivers feature in the file ‘managers.php’. It leads to SQL Injection by allowing an authenticated attacker with the “Settings/Utilities” permission to send a crafted HTTP GET request to the endpoint...
CVE-2023-51448
Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file ‘managers.php’. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTT...
SQL injection
Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file ‘managers.php’. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTT...
CVE-2023-51448
Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file ‘managers.php’. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTT...
CVE-2023-51448
Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file ‘managers.php’. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTT...
CVE-2023-51448 SQL Injection vulnerability when managing SNMP Notification Receivers
Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file ‘managers.php’. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTT...
CVE-2023-51448
CVE-2023-51448 affects Cacti 1.2.25, where a Blind SQL Injection flaw exists in SNMP Notification Receivers within managers.php. An authenticated user with Settings/Utilities can craft a GET request to /cacti/managers.php carrying an SQLi payload in selected_graphs_array, enabling potentially una...
CVE-2023-51448 SQL Injection vulnerability when managing SNMP Notification Receivers
Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file ‘managers.php’. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTT...
Cacti SQL Injection Vulnerability
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data through snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. Cacti version 1.2.25 has a SQL injection vulnerability, the vulnerabili...
CVE-2023-46490
SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the formactions function in the managers.php function...
CVE-2023-46490
SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the formactions function in the managers.php function...
SQL injection
SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the formactions function in the managers.php function...
PT-2023-30050 · Cacti +2
Name of the Vulnerable Software and Affected Versions: Cacti version 1.2.25 Description: The issue allows a remote attacker to obtain sensitive information via the form actions function in the managers.php file. Recommendations: For Cacti version 1.2.25, consider disabling the form actions functi...
CVE-2023-46490
SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the formactions function in the managers.php function...
CVE-2023-46490
SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the formactions function in the managers.php function...
CVE-2023-46490
SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the formactions function in the managers.php function...
CVE-2023-46490
SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the formactions function in the managers.php function...