Cacti Security Vulnerabilities and Issues — Cacti CVE List

Lucene search

CactiCacti

5 matches found

CVE•added 2022/12/05 9:15 p.m.•687 views

CVE-2022-46169

Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data sour...

9.8CVSS10AI score0.94469EPSS

CVE•added 2022/03/03 11:15 p.m.•153 views

CVE-2022-0730

Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.

9.8CVSS9.4AI score0.00435EPSS

CVE•added 2022/01/19 9:15 p.m.•55 views

CVE-2021-26247

As an unauthenticated remote user, visit "http:///auth_changepassword.php?ref=" to successfully execute the JavaScript payload present in the "ref" URL parameter.

6.1CVSS6.4AI score0.28433EPSS

CVE•added 2022/01/19 9:15 p.m.•54 views

CVE-2021-23225

Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field during creation of a new user via "Copy" method at user_admin.php.

5.4CVSS5.5AI score0.00651EPSS

CVE•added 2022/01/19 9:15 p.m.•52 views

CVE-2021-3816

Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via "Copy" method at user_group_admin.php.

5.4CVSS5.2AI score0.00436EPSS