Vulnerabilities > Cacti > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-11-08 | CVE-2017-16660 | Exposure of Resource to Wrong Sphere vulnerability in Cacti 1.1.27: Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header. | 7.2 |
2017-11-07 | CVE-2017-16641 | OS Command Injection vulnerability in Cacti 1.1.27: lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php. | 7.2 |
2017-07-17 | CVE-2017-1000031 | SQL Injection vulnerability in Cacti 0.8.8B: SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters. | 8.8 |
2016-04-13 | CVE-2016-2313 | Permissions, Privileges, and Access Controls vulnerability in multiple products: auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database. | 8.8 |
2016-04-12 | CVE-2016-3172 | SQL Injection vulnerability in Cacti: SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action. | 8.8 |
2016-04-11 | CVE-2015-8604 | SQL Injection vulnerability in Cacti: SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action. | 8.8 |
2016-04-11 | CVE-2016-3659 | SQL Injection vulnerability in Cacti: SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter. | 8.8 |