Lucene search

20 matches found

RedhatCVE
added 2025/05/22 5:29 a.m. | 6 views

CVE-2019-16131

framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/...

CVSS 8.8 | AI score 6.8 | EPSS 0.16451
Exploits: 3 | References: 1

CVE
added 2023/12/22 4:44 p.m. | 56 views

CVE-2023-51448

CVE-2023-51448 affects Cacti 1.2.25, where a Blind SQL Injection flaw exists in SNMP Notification Receivers within managers.php. An authenticated user with Settings/Utilities can craft a GET request to /cacti/managers.php carrying an SQLi payload in selected_graphs_array, enabling potentially una...

CVSS 8.8 | AI score 8.7 | EPSS 0.32076
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2023/12/22 11:15 a.m. | 17 views

CVE-2023-50569

Rejected reason: DO NOT USE THIS CVE RECORD. Consult IDs: CVE-2023-50250. Reason: This record is a reservation duplicate of CVE-2023-50250. Notes: All CVE users should reference CVE-2023-50250 instead of this record. All references and descriptions in this record have been removed to prevent...

Exploits: 0

OSV
added 2023/12/22 11:15 a.m. | 31 views

CVE-2023-50569

Reflected Cross Site Scripting XSS vulnerability in Cacti v1.2.25, allows remote attackers to escalate privileges when uploading an xml template file via templatesimport.php...

CVSS 6.1 | AI score 6.1
Exploits: 0 | References: 2

Prion
added 2023/12/22 11:15 a.m. | 21 views

Cross site scripting

Reflected Cross Site Scripting XSS vulnerability in Cacti v1.2.25, allows remote attackers to escalate privileges when uploading an xml template file via templatesimport.php...

CVSS 5.8 | AI score 6.4
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2023/12/22 12:00 a.m. | 49 views

CVE-2023-50569

CVE-2023-50569 is rejected/not used; reference CVE-2023-50250.

AI score 6
Exploits: 0

Debian CVE
added 2023/12/22 12:00 a.m. | 29 views

CVE-2023-50569

Removed by vendor...

AI score 6.2
Exploits: 0

AlpineLinux
added 2023/12/22 12:00 a.m. | 23 views

CVE-2023-50569

Reflected Cross Site Scripting XSS vulnerability in Cacti v1.2.25, allows remote attackers to escalate privileges when uploading an xml template file via templatesimport.php...

AI score 6.4
Exploits: 0 | References: 2

NVD
added 2023/10/27 10:15 p.m. | 11 views

CVE-2023-46490

SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions function in the managers.php function...

CVSS 6.5 | AI score 6.6 | EPSS 0.00207
Exploits: 1 | References: 2

OSV
added 2023/10/27 10:15 p.m. | 11 views

CVE-2023-46490

SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions function in the managers.php function...

CVSS 6.5 | AI score 7.8
Exploits: 0 | References: 2

Prion
added 2023/10/27 10:15 p.m. | 17 views

Sql injection

SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions function in the managers.php function...

CVSS 4 | AI score 6.6 | EPSS 0.00207
Exploits: 1 | References: 2 | Affected Software: 1

UbuntuCve
added 2023/10/27 10:15 p.m. | 14 views

CVE-2023-46490

SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions function in the managers.php function...

CVSS 6.5 | AI score 6.8 | EPSS 0.00207
Exploits: 1 | References: 4

AlpineLinux
added 2023/10/27 12:00 a.m. | 14 views

CVE-2023-46490

SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions function in the managers.php function...

CVSS 6.5 | AI score 6.7 | EPSS 0.00207
Exploits: 1 | References: 2

Vulnrichment
added 2023/10/27 12:00 a.m. | 13 views

CVE-2023-46490

SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions function in the managers.php function...

AI score 7.8 | EPSS 0.00207
Exploits: 1 | References: 2

CVE
added 2023/10/27 12:00 a.m. | 66 views

CVE-2023-46490

CVE-2023-46490 describes an SQL injection in Cacti v1.2.25, triggered via the form_actions() function in managers.php. The vulnerability allows a remote attacker to obtain sensitive information; the NVD/NV-related docs show a confidentiality impact but do not provide a patched version or workarou...

CVSS 6.5 | AI score 6.6 | EPSS 0.00207
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2023/10/27 12:00 a.m. | 10 views

CVE-2023-46490

SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions function in the managers.php function...

AI score 6.9 | EPSS 0.00207
Exploits: 1 | References: 2

Debian CVE
added 2023/10/27 12:00 a.m. | 18 views

CVE-2023-46490

SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions function in the managers.php function...

CVSS 6.5 | AI score 6.6 | EPSS 0.00207
Exploits: 1

NVD
added 2019/09/09 3:15 a.m. | 7 views

CVE-2019-16132

An issue was discovered in OKLite v1.2.25. framework/admin/tplcontrol.php allows remote attackers to delete arbitrary files via a title directory-traversal pathname followed by a crafted substring...

CVSS 6.5 | AI score 6.5 | EPSS 0.06784
Exploits: 3 | References: 1

Prion
added 2019/09/09 3:15 a.m. | 9 views

Design/Logic Flaw

framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/...

CVSS 6.5 | AI score 8.5 | EPSS 0.16451
Exploits: 3 | References: 1 | Affected Software: 1

CVE
added 2019/09/09 2:05 a.m. | 111 views

CVE-2019-16131

CVE-2019-16131 affects OKLite v1.2.25 in the component framework/admin/modulec_control.php, which exposes an Arbitrary File Upload vulnerability. A PHP file contained in a ZIP archive can be written to /data/cache/, enabling potential remote code execution or defacement depending on the environme...

CVSS 8.8 | AI score 8.4 | EPSS 0.16451
Exploits: 3 | References: 1 | Affected Software: 1