Vulnerabilities > Cacti

DATE	CVE	VULNERABILITY TITLE	RISK
2017-07-06	CVE-2017-10970	Cross-site Scripting vulnerability in Cacti 1.1.12 Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php. network low complexity cacti CWE-79	5.4
2016-04-13	CVE-2016-2313	Permissions, Privileges, and Access Controls vulnerability in multiple products auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database. network low complexity cacti opensuse CWE-264	8.8
2016-04-12	CVE-2016-3172	SQL Injection vulnerability in Cacti SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action. network low complexity cacti CWE-89	8.8
2016-04-11	CVE-2015-8604	SQL Injection vulnerability in Cacti SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action. network low complexity cacti CWE-89	8.8
2016-04-11	CVE-2016-3659	SQL Injection vulnerability in Cacti SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter. network low complexity cacti CWE-89	8.8

Vulnerabilities > Cacti {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Cacti"}]}

Vulnerabilities > Cacti