VYPR vendor CVE listing

Cacti (software): All CVEs

171 total · sorted by risk (the site's own 0–1 score) · cvss = CVSS base score · epss = EPSS probability of exploitation in the wild · Critical/High/Medium = severity tag · KEV = listed in CISA's Known Exploited Vulnerabilities catalog
  • CVE-2024-29895 · Critical · May 14, 2024
    risk 0.65 · cvss 10.0 · epss 0.94

    Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary commands on the server when the `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php`…

  • CVE-2017-12065 · Critical · Aug 1, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter.

  • CVE-2014-4000 · High · Nov 15, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).

  • CVE-2017-1000031 · High · Jul 17, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters.

  • CVE-2016-2313 · High · Apr 13, 2016
    risk 0.57 · cvss 8.8 · epss 0.03

    auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database.

  • CVE-2016-3172 · High · Apr 12, 2016
    risk 0.57 · cvss 8.8 · epss 0.03

    SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action.

  • CVE-2015-8604 · High · Apr 11, 2016
    risk 0.57 · cvss 8.8 · epss 0.02

    SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action.

  • CVE-2016-3659 · High · Apr 11, 2016
    risk 0.57 · cvss 8.8 · epss 0.02

    SQL injection vulnerability in graph_view.php in Cacti 0.8.8g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter.

  • CVE-2016-10700 · High · Nov 24, 2017
    risk 0.50 · cvss 8.8 · epss 0.02

    auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an…

  • CVE-2017-16660 · High · Nov 8, 2017
    risk 0.47 · cvss 7.2 · epss 0.04

    Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.

  • CVE-2017-16641 · High · Nov 7, 2017
    risk 0.47 · cvss 7.2 · epss 0.03

    lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.

  • CVE-2017-16785 · Medium · Nov 10, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.

  • CVE-2017-15194 · Medium · Oct 11, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page.

  • CVE-2017-12927 · Medium · Aug 18, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php.

  • CVE-2017-1000032 · Medium · Jul 17, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php.

  • CVE-2025-45160 · Medium · Jan 29, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    An HTML injection vulnerability exists in the file upload functionality of Cacti <= 1.2.29. When a file with an invalid format is uploaded, the application reflects the submitted filename back into an error popup without proper sanitization. As a result, attackers can inject…

  • CVE-2018-10061 · Medium · Apr 12, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).

  • CVE-2018-10060 · Medium · Apr 12, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.

  • CVE-2018-10059 · Medium · Apr 12, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name.

  • CVE-2017-12978 · Medium · Aug 21, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.

  • CVE-2017-12066 · Medium · Aug 1, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists…

  • CVE-2017-11691 · Medium · Jul 27, 2017
    risk 0.35 · cvss 5.4 · epss 0.02

    Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.

  • CVE-2017-11163 · Medium · Jul 10, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable.

  • CVE-2017-10970 · Medium · Jul 6, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php.

  • CVE-2024-30268 · Medium · May 14, 2024
    risk 0.33 · cvss 6.1 · epss 0.01

    Cacti provides an operational monitoring and fault management framework. A reflected cross-site scripting vulnerability on the 1.3.x DEV branch allows attackers to obtain cookies of administrator and other users and fake their login using obtained cookies. This issue is fixed in…

  • CVE-2017-16661 · Medium · Nov 8, 2017
    risk 0.32 · cvss 4.9 · epss 0.01

    Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd.

  • CVE-2022-46169 · KEV · Dec 5, 2022
    risk 0.23 · cvss n/a · epss 1.00

    Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if…

  • CVE-2024-25641 · May 13, 2024
    risk 0.10 · cvss n/a · epss 0.86

    Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP…

  • CVE-2023-49085 · Dec 22, 2023
    risk 0.10 · cvss n/a · epss 0.85

    Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the `pollers.php` script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the…

  • CVE-2023-49084 · Dec 21, 2023
    risk 0.10 · cvss n/a · epss 0.64

    Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). By chaining a SQL injection with insufficient validation of the include file path, it is possible to execute arbitrary code on the server.…

  • CVE-2023-39362 · Sep 5, 2023
    risk 0.10 · cvss n/a · epss 0.82

    Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code…

  • CVE-2020-8813 · Feb 22, 2020
    risk 0.10 · cvss n/a · epss 0.74

    graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.

  • CVE-2020-14295 · Jun 17, 2020
    risk 0.09 · cvss n/a · epss 0.86

    A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.

  • CVE-2005-10004 · Aug 30, 2025
    risk 0.08 · cvss n/a · epss 0.02

    Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which is improperly handled during graph rendering. This flaw allows…

  • CVE-2025-24367 · Jan 27, 2025
    risk 0.07 · cvss n/a · epss 0.51

    Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This…

  • CVE-2023-39361 · Sep 5, 2023
    risk 0.07 · cvss n/a · epss 0.88

    Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an…

  • CVE-2024-43363 · Oct 7, 2024
    risk 0.06 · cvss n/a · epss 0.36

    Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps…

  • CVE-2023-30534 · Sep 5, 2023
    risk 0.04 · cvss n/a · epss 0.03

    Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. While a viable gadget chain exists in Cacti’s vendor directory (phpseclib), the necessary gadgets are not included,…

  • CVE-2006-0146 · Jan 9, 2006
    risk 0.04 · cvss n/a · epss 0.13

    The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to…

  • CVE-2006-0147 · Jan 9, 2006
    risk 0.04 · cvss n/a · epss 0.13

    Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote…

  • CVE-2005-1524 · Jun 22, 2005
    risk 0.04 · cvss n/a · epss 0.16

    PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the config[library_path] parameter.

  • CVE-2005-1526 · Jun 22, 2005
    risk 0.04 · cvss n/a · epss 0.17

    PHP remote file inclusion vulnerability in config_settings.php in Cacti before 0.8.6e allows remote attackers to execute arbitrary PHP code via the config[include_path] parameter.

  • CVE-2024-54146 · Jan 27, 2025
    risk 0.03 · cvss n/a · epss 0.39

    Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the template function of host_templates.php using the graph_template parameter. This vulnerability is fixed in 1.2.29.

  • CVE-2023-51448 · Dec 22, 2023
    risk 0.03 · cvss n/a · epss 0.09

    Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `managers.php`. An authenticated attacker with the "Settings/Utilities"…

  • CVE-2020-7237 · Jan 20, 2020
    risk 0.03 · cvss n/a · epss 0.37

    Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify…

  • CVE-2014-4644 · Jun 25, 2014
    risk 0.03 · cvss n/a · epss 0.01

    SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2010-2544 · Aug 23, 2010
    risk 0.03 · cvss n/a · epss 0.04

    Cross-site scripting (XSS) vulnerability in utilities.php in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.

  • CVE-2010-2543 · Aug 23, 2010
    risk 0.03 · cvss n/a · epss 0.04

    Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php. NOTE: this vulnerability exists because of an incorrect fix for…

  • CVE-2010-1431 · May 4, 2010
    risk 0.03 · cvss n/a · epss 0.04

    SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter.

  • CVE-2009-4032 · Nov 29, 2009
    risk 0.03 · cvss n/a · epss 0.06

    Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php, and (4) lib/timespan_settings.php, as demonstrated by…
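The entry for CVE-2024-29895 above turns on one PHP setting: with `register_argc_argv` set to `On`, PHP's web SAPIs expose the raw query string as `$_SERVER['argv']`, so a script written for the command line that shells out with its arguments becomes reachable by anyone who can request it over HTTP. The following is an added example, not Cacti's code: `argv_from_query_string()` emulates PHP's split of the query string on `+`, and `run_realtime_vulnerable()`, `run_realtime_hardened()` and the `realtime_helper` command are hypothetical stand-ins for whatever a poller script actually executes.

```php
<?php
// Added example (not Cacti's code): the mechanism behind CVE-2024-29895 and a hardened entry point.
// Function and helper names are hypothetical; nothing here is exec()ed.

// Emulates what PHP does for a web request when register_argc_argv=On: QUERY_STRING is split
// on '+' and exposed as $_SERVER['argv'] (no script name in argv[0], unlike the CLI).
function argv_from_query_string(string $query): array
{
    return $query === '' ? [] : explode('+', $query);
}

// Vulnerable shape: argv is trusted and concatenated into a shell command line.
// It returns the command instead of running it, so the injection is visible but inert.
function run_realtime_vulnerable(array $argv): string
{
    $pollerId = $argv[1] ?? '';
    $hostId   = $argv[2] ?? '';
    return "realtime_helper --poller={$pollerId} --host={$hostId}";
}

// Hardened shape, three independent layers:
//   1. refuse to run under any SAPI but the CLI (web reachability is the bug);
//   2. validate every argument against a strict allowlist (positive integers here);
//   3. escapeshellarg() each argument, so a future validator slip still cannot add a command.
function run_realtime_hardened(array $argv, string $sapi = PHP_SAPI): string
{
    if ($sapi !== 'cli') {
        throw new RuntimeException('realtime poller must be invoked from the command line');
    }
    foreach ([1, 2] as $i) {
        if (!isset($argv[$i]) || !preg_match('/^[1-9][0-9]{0,9}$/', $argv[$i])) {
            throw new InvalidArgumentException("argument {$i} must be a positive integer");
        }
    }
    $pollerId = (int) $argv[1];
    $hostId   = (int) $argv[2];
    return 'realtime_helper ' . escapeshellarg("--poller={$pollerId}")
         . ' ' . escapeshellarg("--host={$hostId}");
}

// Constructed request: GET /cmd_realtime.php?0+1;id+2  (the leading "0" only pads argv[0]).
$webArgv = argv_from_query_string('0+1;id+2');
echo 'argv seen by the script: ', json_encode($webArgv), PHP_EOL;
echo 'vulnerable command line: ', run_realtime_vulnerable($webArgv), PHP_EOL;

foreach (['apache2handler', 'cli'] as $sapi) {
    try {
        echo "{$sapi}: ", run_realtime_hardened($webArgv, $sapi), PHP_EOL;
    } catch (Throwable $e) {
        echo "{$sapi}: rejected ({$e->getMessage()})", PHP_EOL;
    }
}
echo 'cli, valid input: ', run_realtime_hardened(['cmd_realtime.php', '1', '2'], 'cli'), PHP_EOL;
```

The vulnerable line builds `--poller=1;id`, which a shell would run as two commands; the hardened function rejects the same input twice over (wrong SAPI, then non-numeric argument) and, for valid input, quotes each argument. One caveat when auditing a deployment: the CLI SAPI registers `argv` regardless of the setting, so `php -i` run from a terminal says nothing about the web SAPI; check the php.ini loaded by php-fpm or mod_php, or call `phpinfo()` from a web request.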
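Two entries above are deserialization bugs: CVE-2014-4000 (`unserialize(stripslashes())` on user-supplied data) and CVE-2023-30534 (insecure deserialization where a usable gadget chain happened to be missing). The following added example, which is not Cacti's code, makes the mechanism visible with a hypothetical gadget class, `LogWriter`, whose destructor only records what a real gadget would have done; `Audit`, `forge_payload()`, `load_vulnerable()` and `load_hardened()` are likewise stand-ins.

```php
<?php
// Added example (not Cacti's code): why unserialize() on attacker-controlled bytes is code execution
// waiting for a gadget, and the allowed_classes fix. LogWriter is a hypothetical, inert gadget.

final class Audit
{
    public static array $events = [];
}

final class LogWriter
{
    public string $path = '/tmp/app.log';
    public string $data = '';

    public function __destruct()
    {
        // A real gadget would do file_put_contents($this->path, $this->data) here.
        Audit::$events[] = sprintf('would write %d bytes to %s', strlen($this->data), $this->path);
    }
}

// Builds the serialized string an attacker would submit, without instantiating LogWriter
// in this process (so no destructor fires during setup).
function forge_payload(string $path, string $data): string
{
    return sprintf(
        'O:9:"LogWriter":2:{s:4:"path";s:%d:"%s";s:4:"data";s:%d:"%s";}',
        strlen($path), $path, strlen($data), $data
    );
}

// Vulnerable shape: backslash-escaped input is unescaped and fed straight to unserialize(),
// so any class the autoloader can find is instantiated and its magic methods run.
function load_vulnerable(string $raw): mixed
{
    return unserialize(stripslashes($raw));
}

// Hardened shape: no class may be instantiated. Scalars and arrays still round-trip; an object
// payload comes back as __PHP_Incomplete_Class and neither __wakeup() nor __destruct() runs.
function load_hardened(string $raw): mixed
{
    return unserialize(stripslashes($raw), ['allowed_classes' => false]);
}

// Constructed payload, escaped the way magic_quotes-era input arrived.
$payload = addslashes(forge_payload('/var/www/html/cacti/evil.php', 'attacker-controlled content'));

$obj = load_vulnerable($payload);
echo 'vulnerable: got ', get_class($obj), PHP_EOL;
unset($obj);                                   // destructor runs here
echo 'vulnerable: audit = ', json_encode(Audit::$events), PHP_EOL;

Audit::$events = [];
$obj = load_hardened($payload);
echo 'hardened: got ', get_class($obj), PHP_EOL;
unset($obj);
echo 'hardened: audit = ', json_encode(Audit::$events), PHP_EOL;

// What settings code should accept in the first place: a data-only format with no class names.
$settings = ['path' => '/tmp/app.log', 'data' => ''];
echo 'json round-trip: ', json_encode(json_decode(json_encode($settings), true)), PHP_EOL;
```

Run it and the vulnerable path reports a `LogWriter` and one audit event after `unset()`, while the hardened path reports `__PHP_Incomplete_Class` and an empty audit log. `allowed_classes => false` is the minimum fix for an existing `unserialize()` call site; as the CVE-2023-30534 entry notes, the absence of a gadget in the vendor directory today is not a control, since the next dependency update can supply one. Where the data is configuration rather than object graphs, JSON removes the class of bug entirely.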
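The three XSS entries fixed in 1.1.37 name two escaping mistakes: `htmlspecialchars()` called without `ENT_QUOTES` (CVE-2018-10061), and the page name derived from `$_SERVER['PHP_SELF']` rather than `$_SERVER['SCRIPT_NAME']` (CVE-2018-10059), which is the same PATH_INFO vector as the reflected XSS in CVE-2017-16785. The following added example, not Cacti's code, puts each mistake beside its hardened form; `escape_compat()`, `render_input()`, the two `get_current_page*()` functions and the `$server` array are constructed for the demonstration.

```php
<?php
// Added example (not Cacti's code): the two escaping mistakes behind the 1.1.37 XSS fixes.
// $server is constructed inline so nothing depends on a real web server.

// Before PHP 8.1 the default flag was ENT_COMPAT: only " is converted, ' is left alone.
// Passing it explicitly reproduces that behaviour on any PHP version.
function escape_compat(string $s): string
{
    return htmlspecialchars($s, ENT_COMPAT, 'UTF-8');
}

// Hardened equivalent of a central html_escape(): both quote kinds are converted and invalid
// UTF-8 is replaced instead of silently turning the whole string into ''.
function html_escape(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_input(string $value, callable $escape): string
{
    // Single-quoted attribute: the exact context where a surviving ' breaks out.
    return "<input type='text' name='filter' value='" . $escape($value) . "'>";
}

// PHP_SELF is SCRIPT_NAME plus PATH_INFO, so its last path segment is attacker-chosen.
function get_current_page_vulnerable(array $server): string
{
    return basename($server['PHP_SELF']);
}

// SCRIPT_NAME is the script the server actually resolved; PATH_INFO is not part of it.
function get_current_page(array $server): string
{
    return basename($server['SCRIPT_NAME']);
}

// Constructed request: GET /cacti/host.php/"><svg onload=alert(1)>
$server = [
    'SCRIPT_NAME' => '/cacti/host.php',
    'PATH_INFO'   => '/"><svg onload=alert(1)>',
    'PHP_SELF'    => '/cacti/host.php/"><svg onload=alert(1)>',
];

$payload = "x' onmouseover='alert(1)";
echo 'ENT_COMPAT: ', render_input($payload, 'escape_compat'), PHP_EOL;
echo 'ENT_QUOTES: ', render_input($payload, 'html_escape'), PHP_EOL;

echo 'PHP_SELF page name:    ', get_current_page_vulnerable($server), PHP_EOL;
echo 'SCRIPT_NAME page name: ', get_current_page($server), PHP_EOL;

// Even with SCRIPT_NAME, escape at the output sink; the two defences are independent.
echo '<form action="', html_escape(get_current_page($server)), '">', PHP_EOL;
```

With `ENT_COMPAT` the rendered input reads `value='x' onmouseover='alert(1)'`, a complete attribute breakout; with `ENT_QUOTES` the single quote becomes `&#039;` and the payload stays inside the attribute. `basename()` of `PHP_SELF` returns the injected `"><svg onload=alert(1)>` segment, whereas `SCRIPT_NAME` yields `host.php`. Note that on PHP 8.1 and later `htmlspecialchars()` defaults to `ENT_QUOTES | ENT_SUBSTITUTE`, so the first bug only reproduces when the flag is passed explicitly or on older interpreters; code that must run on both should always pass the flags rather than rely on the default.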

Page 1 of 4