Cacti Security Vulnerabilities and Issues — Cacti CVE List

Lucene search

CactiCacti

6 matches found

CVE•added 2017/11/15 4:29 p.m.•53 views

CVE-2014-4000

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).

8.8CVSS8.5AI score0.011EPSS

CVE•added 2017/11/24 5:29 a.m.•51 views

CVE-2016-10700

auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for CVE-...

8.8CVSS8.5AI score0.01075EPSS

CVE•added 2017/11/07 8:29 p.m.•50 views

CVE-2017-16641

lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.

9CVSS7AI score0.00465EPSS

CVE•added 2017/11/08 5:29 a.m.•49 views

CVE-2017-16660

Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.

9CVSS6.9AI score0.01457EPSS

CVE•added 2017/11/08 5:29 a.m.•46 views

CVE-2017-16661

Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd.

4.9CVSS5.5AI score0.00181EPSS

CVE•added 2017/11/10 11:29 p.m.•44 views

CVE-2017-16785

Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.

6.1CVSS6AI score0.00196EPSS