CVE-2025-26520
- EPSS 0.07%
- Published 12.02.2025 07:15:08
- Last modified 12.02.2025 07:15:08
Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146.
CVE-2025-24367
- EPSS 10.89%
- Published 27.01.2025 18:15:42
- Last modified 18.04.2025 02:22:25
Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execu...
CVE-2025-24368
- EPSS 0.16%
- Published 27.01.2025 18:15:42
- Last modified 18.04.2025 02:21:31
Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in build_rule_item_filter() function from lib/api_automati...
CVE-2025-22604
- EPSS 43.01%
- Published 27.01.2025 17:15:17
- Last modified 04.03.2025 14:45:17
Cacti is an open source performance and fault management framework. Due to a flaw in the multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a ...
CVE-2024-54145
- EPSS 0.3%
- Published 27.01.2025 17:15:16
- Last modified 04.03.2025 14:45:17
Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29.
CVE-2024-54146
- EPSS 0.52%
- Published 27.01.2025 17:15:16
- Last modified 04.03.2025 14:45:17
Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the template function of host_templates.php using the graph_template parameter. This vulnerability is fixed in 1.2.29.
CVE-2024-45598
- EPSS 0.16%
- Published 27.01.2025 16:15:31
- Last modified 04.03.2025 14:45:17
Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in Configuration->Settings->Paths tab to a local file ins...
CVE-2024-43364
- EPSS 0.25%
- Published 07.10.2024 21:15:16
- Last modified 17.10.2024 18:09:43
Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php. Moreover, the said title parameter is stored in the database and reflected back to user in in...
CVE-2024-43365
- EPSS 0.25%
- Published 07.10.2024 21:15:16
- Last modified 16.10.2024 19:15:56
Cacti is an open source performance and fault management framework. The `consolenewsection` parameter is not properly sanitized when saving external links in links.php. Moreover, the said consolenewsection parameter is stored in the database and refle...
CVE-2024-43362
- EPSS 0.2%
- Published 07.10.2024 21:15:15
- Last modified 17.10.2024 18:14:33
Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php`. Moreover, the said fileurl is placed in some html code which is passed to the `print` fun...
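A version triage check for the entries above, added here as an example; it is not Cacti project code and not part of any of the advisories. It encodes only the affected ranges those entries state in text ("fixed in 1.2.29", "prior to 1.2.29", "through 1.2.29") and deliberately leaves out the entries whose range is cut off on this page. The sample version strings and the one-line summaries are assumptions made for illustration; the comparison logic is the point.

```python
"""Which of the Cacti CVEs listed above apply to a given Cacti version?

Added example, not Cacti project code. Affected ranges come only from the
text of the entries on this page; entries whose range is truncated on the
page are left out rather than guessed.
"""
import re
from typing import List, Tuple

Version = Tuple[int, int, int]

# Cacti releases use MAJOR.MINOR.PATCH (e.g. 1.2.29). A leading "v" is
# tolerated; anything else (suffixes, missing components) is rejected so a
# malformed input never silently reads as "not affected".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def is_valid_version(text: str) -> bool:
    return _VERSION_RE.match(text.strip()) is not None


def parse_version(text: str) -> Version:
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Cacti version string: {text!r}")
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


# (cve_id, summary assumed for illustration, operator, boundary version)
#   "fixed in 1.2.29" / "prior to 1.2.29" -> affected if version <  1.2.29
#   "through 1.2.29"                       -> affected if version <= 1.2.29
ADVISORIES = [
    ("CVE-2025-26520",
     "SQLi in host_templates.php via graph_template (incomplete fix for CVE-2024-54146)",
     "<=", (1, 2, 29)),
    ("CVE-2024-54146",
     "SQLi in host_templates.php via graph_template",
     "<", (1, 2, 29)),
    ("CVE-2024-54145",
     "SQLi in get_discovery_results of automation_devices.php via network",
     "<", (1, 2, 29)),
    ("CVE-2024-45598",
     "Poller Standard Error Log Path can be pointed at a local file",
     "<", (1, 2, 29)),
]

_OPS = {"<": lambda v, b: v < b, "<=": lambda v, b: v <= b}


def applicable(version_text: str) -> List[str]:
    """Return the CVE ids whose stated range includes this version, in page order."""
    v = parse_version(version_text)
    return [cve for cve, _summary, op, bound in ADVISORIES if _OPS[op](v, bound)]


def report(version_text: str) -> str:
    """Human-readable summary, one line per applicable CVE."""
    hits = applicable(version_text)
    if not hits:
        return f"Cacti {version_text}: none of the range-stated CVEs on this page apply"
    lines = [f"Cacti {version_text}: {len(hits)} applicable"]
    for cve, summary, _op, _bound in ADVISORIES:
        if cve in hits:
            lines.append(f"  {cve}  {summary}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample inputs: the release before, at, and after the fix boundary.
    for sample in ("1.2.28", "1.2.29", "1.2.30"):
        print(report(sample))
```

The instructive case is 1.2.29: CVE-2024-54146 no longer matches, but CVE-2025-26520 (the incomplete fix for it, "through 1.2.29") still does, so a scanner keyed only on the older id would report that release as clean. The parser rejects anything that is not a plain three-part version rather than defaulting to "not affected", because a silent parse failure in a triage script is a false negative.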