Cacti (software)
Cacti is an open-source, web-based network monitoring, performance, fault, and configuration management framework that functions as a front end for the RRDtool time-series data logging tool. Created by Ian Berry in 2001, it is written in PHP with a MySQL or MariaDB backend and released under the GNU General Public License.
Products
2- 171 CVEs
- 1 CVE
Recent CVEs
171| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-29895 | Cri | 0.65 | 10.0 | 0.94 | May 14, 2024 | Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php`… | ||
| CVE-2017-12065 | Cri | 0.64 | 9.8 | 0.03 | Aug 1, 2017 | spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter. | ||
| CVE-2014-4000 | Hig | 0.57 | 8.8 | 0.02 | Nov 15, 2017 | Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()). | ||
| CVE-2017-1000031 | Hig | 0.57 | 8.8 | 0.01 | Jul 17, 2017 | SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters. | ||
| CVE-2016-2313 | Hig | 0.57 | 8.8 | 0.03 | Apr 13, 2016 | auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database. | ||
| CVE-2016-3172 | Hig | 0.57 | 8.8 | 0.03 | Apr 12, 2016 | SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action. | ||
| CVE-2015-8604 | Hig | 0.57 | 8.8 | 0.02 | Apr 11, 2016 | SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action. | ||
| CVE-2016-3659 | Hig | 0.57 | 8.8 | 0.02 | Apr 11, 2016 | SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter. | ||
| CVE-2016-10700 | Hig | 0.50 | 8.8 | 0.02 | Nov 24, 2017 | auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an… | ||
| CVE-2017-16660 | Hig | 0.47 | 7.2 | 0.04 | Nov 8, 2017 | Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header. | ||
| CVE-2017-16641 | Hig | 0.47 | 7.2 | 0.03 | Nov 7, 2017 | lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php. | ||
| CVE-2017-16785 | Med | 0.40 | 6.1 | 0.01 | Nov 10, 2017 | Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. | ||
| CVE-2017-15194 | Med | 0.40 | 6.1 | 0.01 | Oct 11, 2017 | include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page. | ||
| CVE-2017-12927 | Med | 0.40 | 6.1 | 0.01 | Aug 18, 2017 | A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php. | ||
| CVE-2017-1000032 | Med | 0.40 | 6.1 | 0.01 | Jul 17, 2017 | Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php. | ||
| CVE-2025-45160 | Med | 0.35 | 5.4 | 0.00 | Jan 29, 2026 | A HTML injection vulnerability exists in the file upload functionality of Cacti <= 1.2.29. When a file with an invalid format is uploaded, the application reflects the submitted filename back into an error popup without proper sanitization. As a result, attackers can inject… | ||
| CVE-2018-10061 | Med | 0.35 | 5.4 | 0.01 | Apr 12, 2018 | Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used). | ||
| CVE-2018-10060 | Med | 0.35 | 5.4 | 0.01 | Apr 12, 2018 | Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php. | ||
| CVE-2018-10059 | Med | 0.35 | 5.4 | 0.01 | Apr 12, 2018 | Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name. | ||
| CVE-2017-12978 | Med | 0.35 | 5.4 | 0.01 | Aug 21, 2017 | lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user. |
- risk 0.65cvss 10.0epss 0.94
Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php`…
- risk 0.64cvss 9.8epss 0.03
spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter.
- risk 0.57cvss 8.8epss 0.02
Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).
- risk 0.57cvss 8.8epss 0.01
SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters.
- risk 0.57cvss 8.8epss 0.03
auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database.
- risk 0.57cvss 8.8epss 0.03
SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action.
- risk 0.57cvss 8.8epss 0.02
SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action.
- risk 0.57cvss 8.8epss 0.02
SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter.
- risk 0.50cvss 8.8epss 0.02
auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an…
- risk 0.47cvss 7.2epss 0.04
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.
- risk 0.47cvss 7.2epss 0.03
lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.
- risk 0.40cvss 6.1epss 0.01
Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.
- risk 0.40cvss 6.1epss 0.01
include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page.
- risk 0.40cvss 6.1epss 0.01
A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php.
- risk 0.40cvss 6.1epss 0.01
Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php.
- risk 0.35cvss 5.4epss 0.00
A HTML injection vulnerability exists in the file upload functionality of Cacti <= 1.2.29. When a file with an invalid format is uploaded, the application reflects the submitted filename back into an error popup without proper sanitization. As a result, attackers can inject…
- risk 0.35cvss 5.4epss 0.01
Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).
- risk 0.35cvss 5.4epss 0.01
Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.
- risk 0.35cvss 5.4epss 0.01
Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name.
- risk 0.35cvss 5.4epss 0.01
lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.