Cacti

Cacti

155 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Warnung Exploit
  • EPSS 99.83%
  • Veröffentlicht 05.12.2022 21:15:10
  • Zuletzt bearbeitet 24.10.2025 14:47:01

Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code o...

  • EPSS 3.45%
  • Veröffentlicht 03.03.2022 23:15:08
  • Zuletzt bearbeitet 21.11.2024 06:39:16

Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.

  • EPSS 0.53%
  • Veröffentlicht 19.01.2022 21:15:08
  • Zuletzt bearbeitet 21.11.2024 05:51:24

Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field during creation of a new user via "Copy" method at user_admin.php.

  • EPSS 7.12%
  • Veröffentlicht 19.01.2022 21:15:08
  • Zuletzt bearbeitet 21.11.2024 05:55:58

As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter.

  • EPSS 0.53%
  • Veröffentlicht 19.01.2022 21:15:08
  • Zuletzt bearbeitet 21.11.2024 06:22:31

Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via "Copy" method at user_group_admin.php.

  • EPSS 1.63%
  • Veröffentlicht 14.11.2021 20:15:07
  • Zuletzt bearbeitet 21.11.2024 05:03:14

Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme.

Exploit
  • EPSS 2.43%
  • Veröffentlicht 27.08.2021 18:15:07
  • Zuletzt bearbeitet 21.11.2024 05:13:39

Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php.

Exploit
  • EPSS 4.6%
  • Veröffentlicht 11.01.2021 16:15:15
  • Zuletzt bearbeitet 21.11.2024 05:27:52

An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution.

Exploit
  • EPSS 2.78%
  • Veröffentlicht 12.11.2020 14:15:22
  • Zuletzt bearbeitet 21.11.2024 05:18:32

A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field

Exploit
  • EPSS 86.33%
  • Veröffentlicht 17.06.2020 14:15:10
  • Zuletzt bearbeitet 21.11.2024 05:02:56

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.