Vulnerabilities > Cacti > High

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2020-01-20 | CVE-2020-7237 | OS Command Injection vulnerability in Cacti 1.2.8 | Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. | network | low complexity | cacti | CWE-78 | 8.8 |
| 2020-01-15 | CVE-2020-7058 | Improper Input Validation vulnerability in Cacti 1.2.8 | data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. | network | low complexity | cacti | CWE-20 | 8.8 |
| 2019-12-12 | CVE-2019-17358 | Deserialization of Untrusted Data vulnerability in multiple products | Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. | network | low complexity | cacti debian opensuse | CWE-502 | 8.1 |
| 2017-11-24 | CVE-2016-10700 | Permissions, Privileges, and Access Controls vulnerability in Cacti | auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. | network | low complexity | cacti | CWE-264 | 8.8 |
| 2017-11-15 | CVE-2014-4000 | Code Injection vulnerability in Cacti | Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()). | network | low complexity | cacti | CWE-94 | 8.8 |
| 2017-11-08 | CVE-2017-16660 | Exposure of Resource to Wrong Sphere vulnerability in Cacti 1.1.27 | Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header. | network | low complexity | cacti | CWE-668 | 7.2 |
| 2017-11-07 | CVE-2017-16641 | OS Command Injection vulnerability in Cacti 1.1.27 | lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php. | network | low complexity | cacti | CWE-78 | 7.2 |
| 2017-07-17 | CVE-2017-1000031 | SQL Injection vulnerability in Cacti 0.8.8B | SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters. | network | low complexity | cacti | CWE-89 | 8.8 |
| 2016-04-13 | CVE-2016-2313 | Permissions, Privileges, and Access Controls vulnerability in multiple products | auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database. | network | low complexity | cacti opensuse | CWE-264 | 8.8 |
| 2016-04-12 | CVE-2016-3172 | SQL Injection vulnerability in Cacti | SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action. | network | low complexity | cacti | CWE-89 | 8.8 |