Cacti Security Vulnerabilities
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the cacti 's database. These data will be viewed by administrative cacti accounts a...
6.1CVSS
6.3AI Score
0.001EPSS
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the cacti 's database. These data will be viewed by administrative cacti accounts a...
6.1CVSS
6.3AI Score
0.001EPSS
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the cacti 's database. These data will be viewed by administrative cacti acco...
6.1CVSS
6.3AI Score
0.001EPSS
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the cacti 's database. These data will be viewed by administrative cacti acco...
6.1CVSS
6.3AI Score
0.001EPSS
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the cacti 's database. These data will be viewed by administrative cacti acco...
6.1CVSS
6.5AI Score
0.001EPSS
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the cacti 's database. These data will be viewed by administrative cacti acco...
6.1CVSS
6.5AI Score
0.001EPSS
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti accounts an...
6.1CVSS
6.3AI Score
0.001EPSS
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the cacti 's database. These data will be viewed by administrative cacti acco...
6.1CVSS
6.3AI Score
0.001EPSS
SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function.
6.5CVSS
6.6AI Score
0.001EPSS
Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerabil...
8.8CVSS
9AI Score
0.001EPSS
Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the pollers.php script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the pollers.php. Impact of th...
8.8CVSS
8.9AI Score
0.001EPSS
Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). A vulnerability in versions prior to 1.2.27 bypasses an earlier fix for CVE-2023-39360, therefore leading to a DOM XSS attack. Exploitation of the vulnerability is possible for an...
5.4CVSS
5.7AI Score
0.001EPSS
Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in d...
6.1CVSS
6.4AI Score
0.001EPSS
Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in templates_import.php. ...
6.1CVSS
5.6AI Score
0.001EPSS
Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file ‘managers.php’. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTT...
8.8CVSS
8.6AI Score
0.001EPSS
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web ser...
9.1CVSS
9.3AI Score
0.003EPSS
Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 are vulnerable to stored cross-site scripting, a type of cross-site scripting where malicious scripts are permanently stored on a target server and served to users who access a particular page...
7.6CVSS
5.9AI Score
0.0004EPSS
Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. raise_message_javascript from lib/functions.php now uses purify.js to fix CVE-2023-50250 (...
5.4CVSS
6.1AI Score
0.001EPSS
Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when register_argc_argv option of PHP is On. In cmd_realtime.php line 119, the $poller_id use...
10CVSS
7.8AI Score
0.001EPSS
Cacti provides an operational monitoring and fault management framework. A reflected cross-site scripting vulnerability on the 1.3.x DEV branch allows attackers to obtain cookies of administrator and other users and fake their login using obtained cookies. This issue is fixed in commit a38b9046e977...
6.1CVSS
5.8AI Score
0.0004EPSS
Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in form_save() function in data_queries.php is not thoroughly checked and is used to concatenate the HTML statement in grow_right_pane_tree() function from lib/html.php , finally result...
5.7CVSS
5.8AI Score
0.0004EPSS
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automation_tree_rules_form_save() function in automation_tree_rules.php is not thoroughly checked and is used to concatenate the HTML statement in form_confirm() function fro...
4.6CVSS
5.9AI Score
0.0004EPSS
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in automation_get_new_graphs_sql function of api_automation.php allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation a...
8.8CVSS
8.2AI Score
0.0004EPSS
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in form_save() function in graph_template_inputs.php is not thoroughly checked and is used to concatenate the SQL statement in draw_nontemplated_fields_graph_item() function fro...
4.6CVSS
7.3AI Score
0.0004EPSS
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the lib/plugin.php file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue with the api_plugin_ho...
8CVSS
8.2AI Score
0.0004EPSS
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in create_all_header_nodes() function from lib/api_automation.php , finally r...
6.5CVSS
8.3AI Score
0.0004EPSS
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls compat_password_hash when users set their password. compat_password_hash use password_hash if there is it, else use md5. When verifying password, it calls compat_password_verify. In compat_...
9.1CVSS
9.1AI Score
0.001EPSS