Search CVE reports
51 – 60 of 136 results
CVE-2020-25706
Medium priorityA cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field
1 affected packages
cacti
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cacti | Not affected | Not affected | Vulnerable | Vulnerable | Not affected |
CVE-2020-14295
Medium prioritySome fixes available 2 of 5
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.
1 affected packages
cacti
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cacti | Not affected | Not affected | Fixed | Fixed | Not affected |
CVE-2020-13231
Medium prioritySome fixes available 2 of 5
In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.
1 affected packages
cacti
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cacti | Not affected | Not affected | Fixed | Fixed | Not affected |
CVE-2020-13230
Low prioritySome fixes available 3 of 6
In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs).
1 affected packages
cacti
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cacti | Not affected | Not affected | Fixed | Fixed | Fixed |
CVE-2020-8813
Medium prioritygraph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
1 affected packages
cacti
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cacti | Not affected | Not affected | Not affected | Vulnerable | Not affected |
CVE-2019-17357
Medium priorityCacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id....
1 affected packages
cacti
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cacti | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
CVE-2020-7237
Medium priorityCacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must...
1 affected packages
cacti
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cacti | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
CVE-2020-7106
Medium prioritySome fixes available 1 of 5
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter...
1 affected packages
cacti
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cacti | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
CVE-2020-7058
Low priority** DISPUTED ** data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. NOTE: the vendor has stated "This is a false alarm."
1 affected packages
cacti
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cacti | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2019-17358
Medium prioritySome fixes available 1 of 6
Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control...
1 affected packages
cacti
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cacti | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |