RSS   Vulnerabilities for 'Cacti'   RSS

2020-06-17
 
CVE-2020-14295

CWE-89
 

 
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.

 
2020-05-20
 
CVE-2020-13231

CWE-352
 

 
In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.

 
 
CVE-2020-13230

CWE-281
 

 
In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs).

 
2020-02-22
 
CVE-2020-8813

CWE-78
 

 
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.

 
2020-01-21
 
CVE-2019-17357

CWE-89
 

 
Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery.

 
2020-01-20
 
CVE-2020-7237

CWE-78
 

 
Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product.

 
2020-01-16
 
CVE-2020-7106

CWE-79
 

 
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).

 
2020-01-15
 
CVE-2020-7058

CWE-20
 

 
** DISPUTED ** data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. NOTE: the vendor has stated "This is a false alarm."

 
2019-12-12
 
CVE-2019-17358

CWE-502
 

 
Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module.

 
2019-09-23
 
CVE-2019-16723

CWE-639
 

 
In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.

 


Copyright 2020, cxsecurity.com

 

Back to Top