Cacti 1.1.27 Security Vulnerabilities
Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.
CVSS Score: 5.4 | EPSS Score: 0.007 | Published: 2018-04-12

Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).
CVSS Score: 5.4 | EPSS Score: 0.01 | Published: 2018-04-12

Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-11-10

Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.
CVSS Score: 7.2 | EPSS Score: 0.015 | Published: 2017-11-08

Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd.
CVSS Score: 4.9 | EPSS Score: 0.002 | Published: 2017-11-08

lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.
CVSS Score: 7.2 | EPSS Score: 0.005 | Published: 2017-11-07

Shodan ® - All rights reserved