CVE-2025-24368
- EPSS 0.49%
- Veröffentlicht 27.01.2025 18:15:42
- Zuletzt bearbeitet 03.11.2025 22:18:40
Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in build_rule_item_filter() function from lib/api_automati...
CVE-2025-22604
- EPSS 5.29%
- Veröffentlicht 27.01.2025 17:15:17
- Zuletzt bearbeitet 03.11.2025 21:19:13
Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a ...
CVE-2024-54145
- EPSS 0.66%
- Veröffentlicht 27.01.2025 17:15:16
- Zuletzt bearbeitet 03.11.2025 21:17:48
Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29.
CVE-2024-54146
- EPSS 41%
- Veröffentlicht 27.01.2025 17:15:16
- Zuletzt bearbeitet 04.03.2025 14:45:17
Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the template function of host_templates.php using the graph_template parameter. This vulnerability is fixed in 1.2.29.
CVE-2024-45598
- EPSS 2.94%
- Veröffentlicht 27.01.2025 16:15:31
- Zuletzt bearbeitet 03.11.2025 21:16:21
Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in Configuration->Settings->Paths tab to a local file ins...
CVE-2024-43364
- EPSS 34.38%
- Veröffentlicht 07.10.2024 21:15:16
- Zuletzt bearbeitet 03.11.2025 21:16:18
Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php . Morever, the said title parameter is stored in the database and reflected back to user in in...
CVE-2024-43365
- EPSS 22.53%
- Veröffentlicht 07.10.2024 21:15:16
- Zuletzt bearbeitet 03.11.2025 21:16:18
Cacti is an open source performance and fault management framework. The`consolenewsection` parameter is not properly sanitized when saving external links in links.php . Morever, the said consolenewsection parameter is stored in the database and refle...
CVE-2024-43362
- EPSS 35.46%
- Veröffentlicht 07.10.2024 21:15:15
- Zuletzt bearbeitet 03.11.2025 21:16:18
Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php` . Morever, the said fileurl is placed in some html code which is passed to the `print` fun...
CVE-2024-43363
- EPSS 35.81%
- Veröffentlicht 07.10.2024 21:15:15
- Zuletzt bearbeitet 03.11.2025 21:16:18
Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no ...
CVE-2024-34340
- EPSS 1.12%
- Veröffentlicht 14.05.2024 15:38:39
- Zuletzt bearbeitet 04.11.2025 17:15:53
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` use `password_hash` if there is it, else use `md5`. When verify...