cacti

153 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-66399
< 1.2.29
Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP
8.8HIGH
CVE-2005-10004
< 0.8.6d
Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated us
8.8HIGH
CVE-2025-26520
< 1.2.29
Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter. NOTE: t
7.6HIGH
CVE-2025-24368
< 1.2.29
Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not th
7.5HIGH
CVE-2025-24367
< 1.2.29
Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph
8.8HIGH
CVE-2025-22604
< 1.2.29
Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated
9.1CRITICAL
CVE-2024-54146
< 1.2.29
Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the template functi
7.6HIGH
CVE-2024-54145
< 1.2.29
Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_r
6.3MEDIUM
CVE-2024-45598
< 1.2.29
Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Stand
6.0MEDIUM
CVE-2024-43365
all versions
Cacti is an open source performance and fault management framework. The consolenewsection parameter is not properly sanitized whe
5.7MEDIUM
CVE-2024-43364
< 1.2.28
Cacti is an open source performance and fault management framework. The title parameter is not properly sanitized when saving ex
5.7MEDIUM
CVE-2024-43363
< 1.2.28
Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname co
7.2HIGH
CVE-2024-43362
< 1.2.28
Cacti is an open source performance and fault management framework. The fileurl parameter is not properly sanitized when saving
7.3HIGH
CVE-2024-34340
< 1.2.27
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_has
9.1CRITICAL
CVE-2024-31460
< 1.2.27
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `auto
6.5MEDIUM
CVE-2024-31459
< 1.2.27
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue
8.0HIGH
CVE-2024-31458
< 1.2.27
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form
4.6MEDIUM
CVE-2024-31445
< 1.2.27
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in
8.8HIGH
CVE-2024-31444
< 1.2.27
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `auto
4.6MEDIUM
CVE-2024-31443
< 1.2.27
Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in form_save()
5.7MEDIUM
CVE-2024-29894
< 1.2.27
Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cros
5.4MEDIUM
CVE-2024-27082
< 1.2.27
Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 are vulnerable to store
7.6HIGH
CVE-2024-25641
< 1.2.27
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerab
9.1CRITICAL
CVE-2023-51448
all versions
Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerabi
8.8HIGH
CVE-2023-50250
all versions
Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability was
5.4MEDIUM
CVE-2023-49088
< 1.2.25
Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.2
6.1MEDIUM
CVE-2023-49085
<= 1.2.25
Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute a
8.8HIGH
CVE-2023-49086
all versions
Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). A vulnerab
5.4MEDIUM
CVE-2023-49084
all versions
Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While usin
8.0HIGH
CVE-2023-46490
all versions
SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() funct
6.5MEDIUM
CVE-2023-39511
< 1.2.25
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Sit
6.1MEDIUM
CVE-2023-39516
< 1.2.25
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Sit
6.1MEDIUM
CVE-2023-39365
< 1.2.25
Cacti is an open source operational monitoring and fault management framework. Issues with Cacti Regular Expression validation com
4.6MEDIUM
CVE-2023-39364
all versions
Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, users with console access can be r
3.5LOW
CVE-2023-39362
< 1.2.25
Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authe
7.2HIGH
CVE-2023-39358
< 1.2.25
Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was di
8.8HIGH
CVE-2023-39357
all versions
Cacti is an open source operational monitoring and fault management framework. A defect in the sql_save function was discovered. W
8.8HIGH
CVE-2023-31132
< 1.2.25
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a privilege escala
7.8HIGH
CVE-2023-30534
< 1.2.25
Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization
4.3MEDIUM
CVE-2023-39515
< 1.2.25
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Sit
6.1MEDIUM
CVE-2023-39514
< 1.2.25
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Sit
6.1MEDIUM
CVE-2023-39513
< 1.2.25
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Sit
6.1MEDIUM
CVE-2023-39512
< 1.2.25
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Sit
6.1MEDIUM
CVE-2023-39510
< 1.2.25
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Sit
6.1MEDIUM
CVE-2023-39366
>= 1.2.0 and < 1.2.25
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Sit
6.1MEDIUM
CVE-2023-39361
all versions
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection di
9.8CRITICAL
CVE-2023-39360
all versions
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site
6.1MEDIUM
CVE-2023-39359
< 1.2.25
Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was di
8.8HIGH
CVE-2022-48547
<= 0.8.7g
A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject
6.1MEDIUM
CVE-2022-48538
all versions
In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code:
5.3MEDIUM
CVE-2022-41444
all versions
Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted POST request to graphs_new.php.
6.1MEDIUM
CVE-2023-37543
< 1.2.6
Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter
7.5HIGH
CVE-2022-46169
< 1.2.23
Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for
9.8CRITICAL
CVE-2022-0730
all versions
Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.
9.8CRITICAL
CVE-2021-3816
all versions
Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during
5.4MEDIUM
CVE-2021-26247
all versions
As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successf
6.1MEDIUM
CVE-2021-23225
all versions
Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_userna
5.4MEDIUM
CVE-2020-14424
< 1.2.18
Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme.
6.1MEDIUM
CVE-2020-23226
all versions
Multiple Cross Site Scripting (XSS) vulnerabilities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) dat
6.1MEDIUM
CVE-2020-35701
>= 1.2.0 and <= 1.2.16
An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated
8.8HIGH
CVE-2020-25706
all versions
A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message
5.4MEDIUM
CVE-2020-14295
all versions
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote
7.2HIGH
CVE-2020-13231
< 1.2.11
In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.
6.5MEDIUM
CVE-2020-13230
< 1.2.11
In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., pe
4.3MEDIUM
CVE-2020-8813
all versions
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, i
8.8HIGH
CVE-2019-17357
<= 1.2.7
Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are ha
6.5MEDIUM
CVE-2020-7237
all versions
Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field o
8.8HIGH
CVE-2020-7106
< 1.2.9
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, use
6.1MEDIUM
CVE-2020-7058
all versions
data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection - Data Input Methods - Un
8.8HIGH
CVE-2019-17358
<= 1.2.7
Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to popul
8.1HIGH
CVE-2019-16723
<= 1.2.6
In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php requ
4.3MEDIUM
CVE-2019-11025
< 1.2.3
In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community st
5.4MEDIUM
CVE-2018-20726
< 1.2.0
A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unin
5.4MEDIUM
CVE-2018-20725
< 1.2.0
A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintend
4.8MEDIUM
CVE-2018-20724
< 1.2.0
A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended chara
4.8MEDIUM
CVE-2018-20723
< 1.2.0
A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintend
4.8MEDIUM
CVE-2018-10061
<= 1.1.36
Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when th
5.4MEDIUM
CVE-2018-10060
<= 1.1.36
Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function
5.4MEDIUM
CVE-2018-10059
<= 1.1.36
Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $
5.4MEDIUM
CVE-2016-10700
< 1.0.0
auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restri
8.8HIGH
CVE-2014-4000
< 1.0.0
Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a
8.8HIGH
CVE-2017-16785
all versions
Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.
6.1MEDIUM
CVE-2017-16661
all versions
Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory,
4.9MEDIUM
CVE-2017-16660
all versions
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the
7.2HIGH
CVE-2017-16641
all versions
lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool param
7.2HIGH
CVE-2017-15194
all versions
include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page.
6.1MEDIUM
CVE-2017-12978
<= 1.1.17
lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.
5.4MEDIUM
CVE-2017-12927
all versions
A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php.
6.1MEDIUM
CVE-2017-12066
<= 1.1.15
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to injec
5.4MEDIUM
CVE-2017-12065
<= 1.1.15
spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outl
9.8CRITICAL
CVE-2017-11691
all versions
Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web scrip
5.4MEDIUM
CVE-2017-1000032
all versions
Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the p
6.1MEDIUM
CVE-2017-1000031
all versions
SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL command
8.8HIGH
CVE-2017-11163
all versions
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbit
5.4MEDIUM
CVE-2017-10970
all versions
Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script
5.4MEDIUM
CVE-2016-2313
<= 0.8.8f
auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restr
8.8HIGH
CVE-2016-3172
<= 0.8.8g
SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL com
8.8HIGH
CVE-2015-8604
<= 0.8.8f
SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authentica
8.8HIGH
CVE-2016-3659
<= 0.8.8g
SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands
8.8HIGH
CVE-2015-8369
<= 0.8.8f
SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitra
CVE-2015-8377
<= 0.8.8f
SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authe
CVE-2015-4634
<= 0.8.8d
SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the
CVE-2015-2967
<= 0.8.8c
Cross-site scripting (XSS) vulnerability in settings.php in Cacti before 0.8.8d allows remote attackers to inject arbitrary web sc
CVE-2015-4454
<= 0.8.8c
SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote atta
CVE-2015-4342
<= 0.8.8c
SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vecto
CVE-2015-2665
<= 0.8.8c
Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via
CVE-2015-0916
<= 0.8.6e
SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL command
CVE-2014-5026
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject
CVE-2014-5025
all versions
Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access
CVE-2014-5262
<= 0.8.8b
SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers
CVE-2014-5261
<= 0.8.8b
The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands v
CVE-2014-4002
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML
CVE-2014-4644
all versions
SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote attackers to execute arbitrar
CVE-2014-2709
>= 0.8.7 and <= 0.8.7g
lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in
CVE-2014-2328
>= 0.8.7 and <= 0.8.7g
lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shel
CVE-2014-2327
>= 0.8.7 and <= 0.8.7g
Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authent
CVE-2014-2708
all versions
Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute a
CVE-2014-2326
all versions
Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitr
CVE-2013-5589
<= 0.8.8b
SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL command
CVE-2013-5588
<= 0.8.8b
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web scr
CVE-2013-1435
all versions
(1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allows remote attackers to execute arbitrary commands via shell metacharacters
CVE-2013-1434
<= 0.8.8a
Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) utility.php in Cacti before 0.8.8b allow remote attackers to
CVE-2011-5223
<= 0.8.7h
Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti before 0.8.7i allows remote attackers to hijack the authent
CVE-2011-4824
<= 0.8.7g
SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h allows remote attackers to execute arbitrary SQL commands via
CVE-2010-2545
<= 0.8.7f
Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) So
CVE-2010-2544
<= 0.8.7f
Cross-site scripting (XSS) vulnerability in utilities.php in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (H
CVE-2010-2543
<= 0.8.7f
Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject
CVE-2010-1645
<= 0.8.7e
Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated
CVE-2010-1644
<= 0.8.7e
Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) So
CVE-2010-2092
<= 0.8.7e
SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via
CVE-2010-1431
<= 0.8.7e
SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL c
CVE-2009-4112
<= 0.8.7e
Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for th
CVE-2009-4032
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML
CVE-2008-0786
all versions
CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows
CVE-2008-0785
all versions
Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote authenticated users to ex
CVE-2008-0784
all versions
graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows remote attackers to obtain the full path via an invalid loca
CVE-2008-0783
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to
CVE-2007-6035
<= 0.8.7
SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows remote attackers to execute arbitrary SQL commands via the
CVE-2007-3113
<= 0.8.6i
Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a
CVE-2007-3112
<= 0.8.6i
graph_image.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU
CVE-2006-6799
<= 0.8.6i
SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute ar
CVE-2006-0147
all versions
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products i
CVE-2006-0146
all versions
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Mood
CVE-2005-2149
all versions
config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information
CVE-2005-2148
all versions
Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers
CVE-2005-1526
<= 0.8.6d
PHP remote file inclusion vulnerability in config_settings.php in Cacti before 0.8.6e allows remote attackers to execute arbitrary
CVE-2005-1525
<= 0.8.6d
SQL injection vulnerability in config_settings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL comman
CVE-2005-1524
<= 0.8.6d
PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to
CVE-2004-1736
all versions
Cacti 0.8.5a allows remote attackers to gain sensitive information via an HTTP request to (1) auth.php, (2) auth_login.php, (3) au
CVE-2004-1737
all versions
SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass
CVE-2002-1479
all versions
Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which al
CVE-2002-1478
all versions
Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode.
CVE-2002-1477
all versions
graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metachar
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin