High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-06-17	CVE-2020-14295	SQL Injection vulnerability in multiple products A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. network low complexity cacti fedoraproject CWE-89	7.2
2020-02-22	CVE-2020-8813	OS Command Injection vulnerability in multiple products graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. network low complexity cacti fedoraproject opmantek opensuse debian CWE-78	8.8
2020-01-20	CVE-2020-7237	OS Command Injection vulnerability in Cacti 1.2.8 Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. network low complexity cacti CWE-78	8.8
2020-01-15	CVE-2020-7058	Improper Input Validation vulnerability in Cacti 1.2.8 data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. network low complexity cacti CWE-20	8.8
2017-08-01	CVE-2017-12065	Unspecified vulnerability in Cacti spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter. network low complexity cacti	7.5
2016-04-13	CVE-2016-2313	Permissions, Privileges, and Access Controls vulnerability in multiple products auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database. network low complexity cacti opensuse CWE-264	8.8
2015-12-17	CVE-2015-8369	SQL Injection vulnerability in Cacti SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php. network low complexity cacti CWE-89	7.5
2015-08-11	CVE-2015-4634	SQL Injection vulnerability in Cacti SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter. network low complexity cacti CWE-89	7.5
2015-06-17	CVE-2015-4454	SQL Injection vulnerability in multiple products SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php. network low complexity cacti fedoraproject CWE-89	7.5
2015-06-17	CVE-2015-4342	SQL Injection vulnerability in multiple products SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id. network low complexity cacti fedoraproject CWE-89	7.5