Vulnerabilities > Cacti
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-17 | CVE-2017-1000031 | SQL Injection vulnerability in Cacti 0.8.8B SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters. | 6.5 |
| 2017-07-10 | CVE-2017-11163 | Cross-site Scripting vulnerability in Cacti 1.1.12 Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. | 3.5 |
| 2017-07-06 | CVE-2017-10970 | Cross-site Scripting vulnerability in Cacti 1.1.12 Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php. | 4.3 |
| 2016-04-13 | CVE-2016-2313 | Permissions, Privileges, and Access Controls vulnerability in multiple products auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database. | 8.8 |
| 2016-04-12 | CVE-2016-3172 | SQL Injection vulnerability in Cacti SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action. | 6.5 |
| 2016-04-11 | CVE-2015-8604 | SQL Injection vulnerability in Cacti SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action. | 6.5 |
| 2016-04-11 | CVE-2016-3659 | SQL Injection vulnerability in Cacti SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter. | 6.5 |
| 2015-12-17 | CVE-2015-8369 | SQL Injection vulnerability in Cacti SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php. | 7.5 |
| 2015-12-15 | CVE-2015-8377 | SQL Injection vulnerability in Cacti SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action. | 6.5 |
| 2015-08-11 | CVE-2015-4634 | SQL Injection vulnerability in Cacti SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter. | 7.5 |