Vulnerabilities
Vulnerable Software
Cacti:  Security Vulnerabilities
A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.
CVSS Score
5.4
EPSS Score
0.01
Published
2019-01-16
Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name.
CVSS Score
5.4
EPSS Score
0.012
Published
2018-04-12
Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.
CVSS Score
5.4
EPSS Score
0.01
Published
2018-04-12
Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).
CVSS Score
5.4
EPSS Score
0.011
Published
2018-04-12
auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-2313.
CVSS Score
8.8
EPSS Score
0.025
Published
2017-11-24
Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).
CVSS Score
8.8
EPSS Score
0.017
Published
2017-11-15
Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.
CVSS Score
6.1
EPSS Score
0.01
Published
2017-11-10
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.
CVSS Score
7.2
EPSS Score
0.042
Published
2017-11-08
Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd.
CVSS Score
4.9
EPSS Score
0.015
Published
2017-11-08
lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.
CVSS Score
7.2
EPSS Score
0.032
Published
2017-11-07


Contact Us

Shodan ® - All rights reserved