152 matches found
CVE-2025-24367
CVE-2025-24367 affects Cacti, an open-source monitoring framework. The flaw allows an authenticated Cacti user to abuse graph creation and graph template functionality to write arbitrary PHP scripts in the web root, leading to remote code execution on the server. Impact is remote code execution w...
CVE-2022-46169
CVE-2022-46169 affects Cacti and enables unauthenticated command execution via remote_agent.php when a poller_item with POLLER_ACTION_SCRIPT_PHP is present. The root cause is an IP-based auth bypass: HTTP_ headers can be spoofed (e.g., Forwarded-For) so get_client_addr returns the server IP, allo...
CVE-2020-8813
CVE-2020-8813 affects Cacti (notably up to version 1.2.8) and enables remote code execution. An authenticated guest user with the graph real-time privilege can trigger arbitrary OS commands via shell metacharacters in a cookie, impacting servers running Cacti. The available connected advisory con...
CVE-2020-7106
CVE-2020-7106 affects Cacti 1.2.8, with stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php; root cause is improper escaping/display of a raw string from the database (via $header). Public advisori...
CVE-2020-14295
CVE-2020-14295 is a SQL injection in Cacti 1.2.12's color.php (via the filter parameter) that can lead to remote command execution due to stacked queries. Evidence shows exploits/modules exist (e.g., Metasploit references) and public advisories describe the vulnerability. Mitigation observed in u...
CVE-2020-7237
CVE-2020-7237 affects Cacti 1.2.8, enabling remote code execution by privileged users through shell metacharacters in the Performance Boost Debug Log field of poller_automation.php; commands run when a new poller cycle starts. The authenticated attacker must have permission to modify Performance ...
CVE-2024-25641
CVE-2024-25641 affects Cacti prior to 1.2.27. An arbitrary file write vulnerability in the import_package() path allows authenticated users with the Import Templates permission to write/overwrite files via the Package Import XML data, due to the function blindly trusting filenames and content and...
CVE-2020-35701
CVE-2020-35701 affects Cacti 1.2.x through 1.2.16. A SQL injection in data_debug.php via the site_id parameter allows remote authenticated attackers to execute arbitrary SQL commands, with potential remote code execution. Remediation: upgrade to Cacti 1.2.17 (or apply vendor patches) as indicated...
CVE-2019-16723
CVE-2019-16723 affects Cacti until 1.2.6. An authenticated user can bypass authorization to view a graph by calling graph_json.php with a modified local_graph_id, effectively an IDOR-style flaw. Remediation per connected sources is to upgrade to a fixed release (examples include Cacti 1.2.9+; som...
CVE-2019-17358
CVE-2019-17358 affects Cacti up to version 1.2.7 via unsafe deserialization in lib/functions.php, allowing an authenticated attacker to influence object data and control actions, with potential PHP memory corruption. Public fixes are shown in openSUSE updates: CVE-2019-17358 is addressed in cacti...
CVE-2019-17357
CVE-2019-17357 affects Cacti up to 1.2.7 via a graphs.php?template_id= SQL injection vulnerability in how template identifiers are handled. Exploitation could allow data extraction (authenticated) or CSRF-based unauthenticated access. Public listings in connected docs confirm this CVE was address...
CVE-2009-4112
CVE-2009-4112 affects Cacti up to version 0.8.7e, where remote authenticated administrators could escalate privileges by tampering with the Linux Get Memory Usage Data Input Method. OpenSUSE/SUSE updates (cacti, cacti-spine) to version 1.2.11 fix this and related issues (CVE-2018-20723/24/25/26, ...
CVE-2023-39516
CVE-2023-39516 affects Cacti. It is a Stored Cross-Site Scripting (XSS) vulnerability in the data_sources.php component that can be exploited by an authenticated user with the General Administration > Sites/Devices/Data permission to poison data stored in the Cacti database. The poisoned data ...
CVE-2023-39515
Cacti Stored XSS (CVE-2023-39515) affects data_debug.php and is exploitable by authenticated users with General Administration>Sites/Devices/Data, enabling JavaScript in admin-viewed data. Affected via malicious data-source path configuration; fix: upgrade to 1.2.25. Note: CVE-2023-49088 indic...
CVE-2022-0730
CVE-2022-0730: In Cacti, authentication can be bypassed under certain LDAP conditions when anonymous binding is enabled. Public advisories (Debian DSA/DLA, Fedora/Amazon, ENISA EUVD) reference this as a vulnerability in cacti with authenticated LDAP bypass risk. Debian fixed multiple releases: fo...
CVE-2025-22604
CVE-2025-22604 affects Cacti, where a flaw in the multi-line SNMP result parser allows authenticated users to inject malformed OIDs; processing by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes() uses part of an OID as a key in an array that feeds a system command, causing a command execution vu...
CVE-2023-39365
Cacti vulnerability CVE-2023-39365: Issues with Regular Expression validation combined with the external links feature allow limited SQL injections and data leakage. Affected product is the Cacti framework (web-based network graphing/monitoring). Root cause described as improper validation in reg...
CVE-2018-20724
CVE-2018-20724 is a cross-site scripting (XSS) vulnerability in Cacti before 1.2.0, caused by a lack of escaping unintended characters in the Website Hostname used by Data Collectors (pollers.php). Public documentation confirms fixes in later releases: cacti-spine updated to 1.2.9 (openSUSE/SUSE ...
CVE-2018-20725
CVE-2018-20725 affects Cacti before 1.2.0, where graph_templates.php Graph Vertical Label could be exploited due to insufficient escaping of characters. Connected OSV entries indicate that the fix was delivered in updates to cacti/cacti-spine (e.g., openSUSE/SUSE packages) and that CVE-2018-20725...
CVE-2018-20723
CVE-2018-20723 is a cross-site scripting (XSS) vulnerability in Cacti’s color_templates.php where unintended characters in the Color Name field were not escaped, making it exploitable in versions prior to 1.2.0. Connected advisories show remediation through newer Cacti releases (e.g., openSUSE/SU...
CVE-2023-39360
CVE-2023-39360 is a stored XSS in Cacti’s graphs_new.php. An authenticated user can poison stored data via the returnto parameter passed to form_save_button; bypass occurs when returnto contains host.php. The issue affects Cacti prior to the fixed release and can impact data integrity and user se...
CVE-2018-20726
CVE-2018-20726 affects Cacti (pre-1.2.0) with an XSS in host.php (via tree.php) due to missing escaping in the Website Hostname field for Devices. Exploitation details are not provided in the documents, but multiple advisories note this CVE alongside others and document remediation: upgrade to Ca...
CVE-2023-39366
CVE-2023-39366 affects Cacti (web-based monitoring) with a stored XSS in the data_sources view caused by malicious device-name configuration via host.php; the payload can execute in admin users’ browsers when viewing data sources. Affected versions are mitigated by upgrading to Cacti 1.2.25. If u...
CVE-2023-39359
CVE-2023-39359 affects the Cacti monitoring framework. An authenticated SQL injection exists in the graphs.php handler (ajax_hosts / ajax_hosts_noany) where a non-zero site_id is reflected in the WHERE clause, enabling privilege escalation and remote code execution per the cited description. The ...
CVE-2015-4634
CVE-2015-4634 is a SQL injection vulnerability in Cacti’s graphs.php. The issue allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter in versions prior to 0.8.8e. Public advisories (openSUSE-2015-510, ALAS-2016-673, Debian DSA-3312, CNVD/CVE records) confirm t...
CVE-2015-4454
CVE-2015-4454 affects Cacti prior to 0.8.8d, where a SQL injection in the get_hash_graph_template function (lib/functions.php) can be triggered via graph_template_id in graph_templates.php. The issue is demonstrated across multiple advisories and distributions (e.g., Mageia MGASA-2015-0306 and Fe...
CVE-2023-39511
CVE-2023-39511 affects Cacti (1.2.x) with a Stored XSS in the reporting interface. An authenticated user can poison data stored in the Cacti database via malicious device names configured at /cacti/host.php and rendered on /cacti/reports_admin.php, enabling script execution in admins’ browsers wh...
CVE-2023-30534
CVE-2023-30534 affects Cacti prior to 1.2.25. The issue involves insecure deserialization via unserialize in graphs_new.php (host_new_graphs_save) due to lack of input sanitization. A viable phpseclib gadget chain exists in vendor code but the gadgets are not accessible, making exploitation not p...
CVE-2024-34340
Summary (CVE-2024-34340): Cacti up to version 1.2.27 is vulnerable in the password verification path (compat_password_verify). The code performs a loose comparison using md5 when verifying passwords, comparing the Md5-hashed user input to the stored hash with a non-strict equality, enabling poten...
CVE-2016-3172
CVE-2016-3172 affects Cacti up to 0.8.8g. It is a SQL injection in tree.php (parameter: parent_id in item_edit) that allows remote authenticated users to execute arbitrary SQL commands against the back-end database. Documented impacts include viewing, adding, modifying, or deleting data; CVSS v3....
CVE-2024-31459
CVE-2024-31459 affects Cacti prior to version 1.2.27 and describes a file inclusion in lib/plugin.php where data from plugin_hooks and plugin_config tables is concatenated into a file path for inclusion. When paired with SQL injection weaknesses, this can enable remote code execution. Connected a...
CVE-2023-31132
CVE-2023-31132 affects Cacti, a PHP-based web frontend for monitoring. A privilege-escalation flaw lets a low-privilege OS user with access to a Windows host where Cacti runs create arbitrary PHP files in a web document directory and execute them under SYSTEM, enabling local privilege escalation....
CVE-2020-7058
CVE-2020-7058 affects Cacti 1.2.8; data_input.php can lead to remote code execution via a crafted Input String to Data Collection → Data Input Methods → Unix → Ping Host. Multiple connected sources note the vendor’s statement that this is a false alarm, with no public exploit details or patch inf...
CVE-2020-25706
CVE-2020-25706 is a cross-site scripting (XSS) vulnerability in Cacti 1.2.13 related to improper escaping of the error message during template import preview in the xml_path field of templates_import.php. Concrete details across connected sources indicate the flaw can lead to information disclosu...
CVE-2024-31445
CVE-2024-31445 affects Cacti prior to 1.2.27. Root cause: api_automation.php concatenates get_request_var('filter') into SQL without sanitization (lines 717, 856). Impact: authenticated users can exploit SQL injection for privilege escalation and remote code execution. Remediation: upgrade to ver...
CVE-2024-31460
CVE-2024-31460 is a SQL injection in Cacti prior to 1.2.27, caused by unsafely concatenating SQL in automation_tree_rules.php data used by create_all_header_nodes. The vulnerability may enable modification of the Cacti database and, as described, could lead to arbitrary file reading and even remo...
CVE-2024-43363
CVE-2024-43363 affects Cacti. An admin can create a device with a malicious hostname containing PHP code; completing only step 5 of installation allows the hostname to be logged (log poisoning), after which the attacker can access the log file URL to achieve remote code execution (RCE). The vulne...
CVE-2023-39361
CVE-2023-39361 affects Cacti (notably 1.2.24) via a SQL injection in graph_view.php. The vulnerability arises when guest users can access graph_view.php without authentication, enabling an attacker to inject SQL through the rfilter parameter (within the grow_right_pane_tree path) and potentially ...
CVE-2009-4032
CVE-2009-4032 affects Cacti 0.8.7e and earlier, with multiple XSS flaws in graph.php, include/top_graph_header.php, lib/html_form.php, and lib/timespan_settings.php. Exploitation vectors include graph_end/graph_start (graph.php), date1 (graph_view.php), and page_refresh/default_dual_pane_width (g...
CVE-2023-39357
CVE-2023-39357 affects Cacti. A defect in the sql_save function allows SQL injection when the column type is numeric, due to insufficient input validation across call sites. This can enable authenticated users to perform privilege escalation and remote code execution. The issue is addressed in ve...
CVE-2015-8369
CVE-2015-8369 affects Cacti (0.8.8f and earlier). The SQL injection occurs in include/top_graph_header.php via the rra_id parameter used in a properties action to graph.php, allowing remote commands to interact with the database. Impact: arbitrary SQL execution with the app’s privileges. Mitigati...
CVE-2023-39362
Cacti CVE-2023-39362 affects the web-based monitoring framework. In version 1.2.24, an authenticated privileged user can abuse the SNMP options of a Device to trigger a command injection via an input that reaches an exec call in lib/snmp.php, potentially yielding remote code execution on the serv...
CVE-2023-49086
Cacti (web frontend to RRDTool) versions prior to 1.2.27 are vulnerable to a DOM XSS in graphs_new.php, bypassing the fix for CVE-2023-39360. Exploitation requires an authorized user and results in execution of arbitrary JavaScript in the victim’s browser. The issue is resolved in version 1.2.27....
CVE-2020-14424
CVE-2020-14424 affects Cacti versions prior to 1.2.18, where an attacker can trigger cross-site scripting via template import for the midwinter theme. Affected software is the Cacti web frontend (PHP-based) used for network graphing. Root cause: improper sanitization during template import allowi...
CVE-2019-11025
CVE-2019-11025 affects Cacti prior to 1.2.3; the issue is an XSS in the SNMP Options printed value in the View poller cache due to lack of escaping in utilities.php. Impact is cross-site scripting; exploitation is possible via printing unescaped SNMP community strings. Mitigation: upgrade to a fi...
CVE-2013-1434
Cacti prior to version 0.8.8b contains multiple SQL injection vulnerabilities in api_poller.php and utility.php that allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Public advisories (openSUSE/SUSe, Gentoo GLSA, Amazon Linux ALAS) indicate upgrading to 0.8.8b fix...
CVE-2020-23226
CVE-2020-23226 is documented across multiple feeds as a set of Cross Site Scripting (XSS) vulnerabilities in Cacti 1.2.12 . The affected components include (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, and (6) data_input.php (noting dupl...
CVE-2025-24368
CVE-2025-24368 affects the Cacti web framework. The vulnerability arises because data stored in automation_tree_rules.php is not thoroughly validated and is concatenated into an SQL statement in build_rule_item_filter() within lib/api_automation.php, enabling SQL injection. The issue is fixed in ...
CVE-2024-43364
CVE-2024-43364 affects the Cacti web framework. The vulnerability is a stored XSS due to improper sanitization of the title parameter when saving external links (links.php), with the title stored in the database and reflected in index.php. The issue is addressed in Cacti release 1.2.28 (upgrading...
CVE-2015-8604
CVE-2015-8604 is a SQL injection vulnerability in Cacti's graphs_new.php (host_new_graphs function) prior to 0.8.8f, exploitable by remote authenticated users via the cg_g parameter in a save action to execute arbitrary SQL. Public advisories (Debian, FreeBSD, Gentoo, Mageia) document affected ve...