Cacti

Cacti

155 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.49%
  • Veröffentlicht 27.01.2025 18:15:42
  • Zuletzt bearbeitet 03.11.2025 22:18:40

Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in build_rule_item_filter() function from lib/api_automati...

Exploit
  • EPSS 5.29%
  • Veröffentlicht 27.01.2025 17:15:17
  • Zuletzt bearbeitet 03.11.2025 21:19:13

Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a ...

Exploit
  • EPSS 0.66%
  • Veröffentlicht 27.01.2025 17:15:16
  • Zuletzt bearbeitet 03.11.2025 21:17:48

Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29.

Exploit
  • EPSS 41%
  • Veröffentlicht 27.01.2025 17:15:16
  • Zuletzt bearbeitet 04.03.2025 14:45:17

Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the template function of host_templates.php using the graph_template parameter. This vulnerability is fixed in 1.2.29.

Exploit
  • EPSS 2.94%
  • Veröffentlicht 27.01.2025 16:15:31
  • Zuletzt bearbeitet 03.11.2025 21:16:21

Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in Configuration->Settings->Paths tab to a local file ins...

Exploit
  • EPSS 34.38%
  • Veröffentlicht 07.10.2024 21:15:16
  • Zuletzt bearbeitet 03.11.2025 21:16:18

Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php . Morever, the said title parameter is stored in the database and reflected back to user in in...

Exploit
  • EPSS 22.53%
  • Veröffentlicht 07.10.2024 21:15:16
  • Zuletzt bearbeitet 03.11.2025 21:16:18

Cacti is an open source performance and fault management framework. The`consolenewsection` parameter is not properly sanitized when saving external links in links.php . Morever, the said consolenewsection parameter is stored in the database and refle...

Exploit
  • EPSS 35.46%
  • Veröffentlicht 07.10.2024 21:15:15
  • Zuletzt bearbeitet 03.11.2025 21:16:18

Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php` . Morever, the said fileurl is placed in some html code which is passed to the `print` fun...

Exploit
  • EPSS 35.81%
  • Veröffentlicht 07.10.2024 21:15:15
  • Zuletzt bearbeitet 03.11.2025 21:16:18

Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no ...

Exploit
  • EPSS 1.12%
  • Veröffentlicht 14.05.2024 15:38:39
  • Zuletzt bearbeitet 04.11.2025 17:15:53

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` use `password_hash` if there is it, else use `md5`. When verify...