CVE-2024-31459
- EPSS 2.68%
- Veröffentlicht 14.05.2024 15:25:26
- Zuletzt bearbeitet 04.11.2025 17:15:50
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. The...
CVE-2024-31460
- EPSS 1.79%
- Veröffentlicht 14.05.2024 15:25:26
- Zuletzt bearbeitet 04.11.2025 17:15:51
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in `create_all_header_node...
- EPSS 12.6%
- Veröffentlicht 14.05.2024 15:25:25
- Zuletzt bearbeitet 04.11.2025 17:15:50
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement ...
CVE-2024-31445
- EPSS 26.15%
- Veröffentlicht 14.05.2024 15:25:21
- Zuletzt bearbeitet 04.11.2025 17:15:50
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL inject...
CVE-2024-31443
- EPSS 0.84%
- Veröffentlicht 14.05.2024 15:25:20
- Zuletzt bearbeitet 04.11.2025 17:15:50
Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in `form_save()` function in `data_queries.php` is not thoroughly checked and is used to concatenate the HTML statement in `grow_right_p...
CVE-2024-31444
- EPSS 14.66%
- Veröffentlicht 14.05.2024 15:25:20
- Zuletzt bearbeitet 04.11.2025 17:15:50
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules_form_save()` function in `automation_tree_rules.php` is not thoroughly checked and is used to concaten...
CVE-2024-30268
- EPSS 0.59%
- Veröffentlicht 14.05.2024 15:22:18
- Zuletzt bearbeitet 15.04.2026 00:35:42
Cacti provides an operational monitoring and fault management framework. A reflected cross-site scripting vulnerability on the 1.3.x DEV branch allows attackers to obtain cookies of administrator and other users and fake their login using obtained co...
- EPSS 94.29%
- Veröffentlicht 14.05.2024 15:17:15
- Zuletzt bearbeitet 15.04.2026 00:35:42
Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when `register_argc_argv` option of PHP is `...
CVE-2024-29894
- EPSS 0.9%
- Veröffentlicht 14.05.2024 15:17:14
- Zuletzt bearbeitet 18.12.2024 21:10:38
Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. `raise_message_javascript` from `lib/func...
CVE-2024-27082
- EPSS 0.91%
- Veröffentlicht 14.05.2024 15:11:27
- Zuletzt bearbeitet 18.12.2024 21:01:17
Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 are vulnerable to stored cross-site scripting, a type of cross-site scripting where malicious scripts are permanently stored on a target server...