Cacti: Security Vulnerabilities
In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs).
CVSS Score
4.3
EPSS Score
0.008
Published
2020-05-20
In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.
CVSS Score
6.5
EPSS Score
0.005
Published
2020-05-20
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
CVSS Score
8.8
EPSS Score
0.941
Published
2020-02-22
Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery.
CVSS Score
6.5
EPSS Score
0.068
Published
2020-01-21
Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product.
CVSS Score
8.8
EPSS Score
0.468
Published
2020-01-20
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).
CVSS Score
6.1
EPSS Score
0.041
Published
2020-01-16
data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. NOTE: the vendor has stated "This is a false alarm.
CVSS Score
8.8
EPSS Score
0.009
Published
2020-01-15
Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module.
CVSS Score
8.1
EPSS Score
0.024
Published
2019-12-12
In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.
CVSS Score
4.3
EPSS Score
0.002
Published
2019-09-23
In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS.
CVSS Score
5.4
EPSS Score
0.004
Published
2019-04-08