High severity8.8NVD Advisory· Published Nov 15, 2017· Updated Jun 17, 2026
CVE-2014-4000
CVE-2014-4000
Description
Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*range: <1.0.0
- (no CPE)range: <1.0.0
Patches
Vulnerability mechanics
References
4- forums.cacti.net/viewtopic.phpnvdIssue TrackingRelease NotesVendor Advisory
- security-tracker.debian.org/tracker/CVE-2014-4000nvdIssue TrackingThird Party Advisory
- security.gentoo.org/glsa/201711-10nvdIssue TrackingThird Party Advisory
- www.cacti.net/release_notes_1_0_0.phpnvdIssue TrackingRelease NotesVendor Advisory
News mentions
0No linked articles in our index yet.