Cacti Security Vulnerabilities and Issues — Cacti CVE List

Lucene search

The Cacti GroupCacti

9 matches found

CVE•added 2006/01/09 11:3 p.m.•123 views

CVE-2006-0146

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL...

7.5CVSS8AI score0.08392EPSS

CVE•added 2006/01/09 11:3 p.m.•67 views

CVE-2006-0147

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute ar...

7.5CVSS7.3AI score0.2117EPSS

CVE•added 2006/12/28 9:28 p.m.•57 views

CVE-2006-6799

SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results ar...

7.5CVSS8AI score0.01952EPSS

CVE•added 2007/06/07 9:30 p.m.•54 views

CVE-2007-3112

graph_image.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_start or (2) graph_end parameter, different vectors than CVE-2007-3113.

7.8CVSS6AI score0.02685EPSS

CVE•added 2005/02/26 5:0 a.m.•53 views

CVE-2004-1737

SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.

7.5CVSS8.6AI score0.03848EPSS

CVE•added 2005/07/06 4:0 a.m.•42 views

CVE-2005-2148

Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in the URL, which causes the get_reque...

7.5CVSS7.7AI score0.04133EPSS

CVE•added 2005/06/22 4:0 a.m.•40 views

CVE-2005-1526

PHP remote file inclusion vulnerability in config_settings.php in Cacti before 0.8.6e allows remote attackers to execute arbitrary PHP code via the config[include_path] parameter.

7.5CVSS7.2AI score0.07579EPSS

CVE•added 2005/06/22 4:0 a.m.•37 views

CVE-2005-1525

SQL injection vulnerability in config_settings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5CVSS8AI score0.01582EPSS

CVE•added 2004/09/01 4:0 a.m.•31 views

CVE-2002-1477

graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode.

7.5CVSS7.2AI score0.02653EPSS