Known Vulnerabilities for products from Cacti
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Cacti".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-26247 | As an unauthenticated remote user, visit "http:// | 6.1 - MEDIUM | 2022-01-19 | 2022-01-25 |
| CVE-2021-23225 | Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_u... | 5.4 - MEDIUM | 2022-01-19 | 2022-05-24 |
| CVE-2021-3816 | Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field d... | 5.4 - MEDIUM | 2022-01-19 | 2022-01-25 |
| CVE-2020-35701 | An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenti... | 8.8 - HIGH | 2021-01-11 | 2023-11-07 |
| CVE-2020-25706 | A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error me... | 6.1 - MEDIUM | 2020-11-12 | 2023-11-07 |
| CVE-2020-23226 | Multiple Cross Site Scripting (XSS) vulnerabilities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3... | 6.1 - MEDIUM | 2021-08-27 | 2023-02-24 |
| CVE-2020-14424 | Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme. | 6.1 - MEDIUM | 2021-11-14 | 2021-11-16 |
| CVE-2020-14295 | A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to r... | 7.2 - HIGH | 2020-06-17 | 2023-11-07 |
| CVE-2020-13231 | In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change. | 6.5 - MEDIUM | 2020-05-20 | 2023-11-07 |
| CVE-2020-13230 | In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g... | 4.3 - MEDIUM | 2020-05-20 | 2023-11-07 |
| CVE-2020-8813 | graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cook... | 8.8 - HIGH | 2020-02-22 | 2023-11-07 |
| CVE-2020-7237 | Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log fi... | 8.8 - HIGH | 2020-01-20 | 2023-11-07 |
| CVE-2020-7106 | Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php... | 6.1 - MEDIUM | 2020-01-16 | 2023-11-07 |
| CVE-2020-7058 | ** DISPUTED ** data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Da... | 8.8 - HIGH | 2020-01-15 | 2023-11-07 |
| CVE-2019-17358 | Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to ... | 8.1 - HIGH | 2019-12-12 | 2020-08-24 |
| CVE-2019-17357 | Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers a... | 6.5 - MEDIUM | 2020-01-21 | 2020-03-01 |
| CVE-2019-16723 | In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php... | 4.3 - MEDIUM | 2019-09-23 | 2023-11-07 |
| CVE-2019-11025 | In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP communi... | 5.4 - MEDIUM | 2019-04-08 | 2022-05-24 |
| CVE-2018-20726 | A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of... | 5.4 - MEDIUM | 2019-01-16 | 2020-03-01 |
| CVE-2018-20725 | A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of uni... | 4.8 - MEDIUM | 2019-01-16 | 2020-03-01 |
Known software with vulnerabilities from Cacti
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Cacti | Cacti | 0.8 |
| Application | Cacti | Superlinks | 1.4-2 |