Vulnerabilities > Cacti > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-05 | CVE-2023-39361 | SQL Injection vulnerability in multiple products Cacti is an open source operational monitoring and fault management framework. | 9.8 |
| 2022-12-05 | CVE-2022-46169 | Incorrect Authorization vulnerability in Cacti Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. | 9.8 |
| 2022-03-03 | CVE-2022-0730 | Improper Authentication vulnerability in multiple products Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types. | 9.8 |
| 2017-11-08 | CVE-2017-16660 | Exposure of Resource to Wrong Sphere vulnerability in Cacti 1.1.27 Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header. | 9.0 |
| 2017-11-07 | CVE-2017-16641 | OS Command Injection vulnerability in Cacti 1.1.27 lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php. | 9.0 |
| 2009-11-30 | CVE-2009-4112 | Permissions, Privileges, and Access Controls vulnerability in Cacti Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands. | 9.0 |