QID 150720
Date Published: 2023-09-27
QID 150720: Cacti Prior to 1.2.25 Multiple Security Vulnerabilities
Cacti is an open-source, web-based network monitoring and graphing tool designed as a front-end application for the open-source, industry-standard data logging tool RRDtool.
Cacti is affected by multiple security vulnerabilities:
CVE-2023-30534: Insecure deserialization of filter data
CVE-2023-31132: Privilege escalation when Cacti installed using Windows Installer defaults
CVE-2023-39357: SQL Injection when saving data with sql_save()
CVE-2023-39358: Authenticated SQL injection vulnerability when managing reports
CVE-2023-39359: Authenticated SQL injection vulnerability when managing graphs
CVE-2023-39360: Cross-Site Scripting vulnerability when creating new graphs
CVE-2023-39361: Unauthenticated SQL Injection when viewing graphs
CVE-2023-39362: Authenticated command injection when using SNMP options
CVE-2023-39364: Open redirect in change password functionality
CVE-2023-39365: SQL Injection when using regular expressions
CVE-2023-39366: Cross-Site Scripting vulnerability with Device Name when managing Data Sources
CVE-2023-39510: Cross-Site Scripting vulnerability with Device Name when administrating Reports
CVE-2023-39511: Cross-Site Scripting vulnerability with Device Name when editing Graphs whilst managing Reports
CVE-2023-39512: Cross-Site Scripting vulnerability with Device Name when managing Data Sources
CVE-2023-39513: Cross-Site Scripting vulnerability with Device Name when debugging data queries
CVE-2023-39514: Cross-Site Scripting vulnerability with Data Source Name when managing Graphs
CVE-2023-39515: Cross-Site Scripting vulnerability with Data Source Name when debugging Data Queries
CVE-2023-39516: Cross-Site Scripting vulnerability with Data Source Information when managing Data Sources
Affected Versions:
Cacti prior to version 1.2.25
QID Detection Logic:
This QID sends an HTTP GET request and checks for a vulnerable version of the Cacti application running on the target server.
Successfully exploiting these vulnerabilities could allow an unauthenticated remote attacker to take control of the Cacti server.