📦 Cacti
by Cacti
⚠️ Known Vulnerabilities
CVE-2025-22604 is a command injection vulnerability in Cacti's SNMP result parser that allows authenticated users to execute arbitrary system commands. The vulnerability affects Cacti versions before ...
CVE-2024-25641 is an arbitrary file write vulnerability in Cacti's Package Import feature that allows authenticated users with 'Import Templates' permission to write arbitrary files to the web server,...
CVE-2023-39361 is a critical SQL injection vulnerability in Cacti's graph_view.php that allows unauthenticated attackers to execute arbitrary SQL commands. Since guest users can access this endpoint w...
CVE-2022-0730 is an authentication bypass vulnerability in Cacti that allows attackers to gain unauthorized access under specific LDAP configurations. The vulnerability affects Cacti systems using LDA...
This vulnerability allows authenticated Cacti users to inject malicious SNMP community strings containing control characters like newlines. When these strings are used in backend SNMP operations, they...
This vulnerability allows authenticated users to execute arbitrary shell commands on Cacti servers through improper input handling in the graph_view.php script. Attackers can compromise system integri...
CVE-2025-26520 is an SQL injection vulnerability in Cacti's host_templates.php file via the graph_template parameter. This allows attackers to execute arbitrary SQL commands on the database. All Cacti...
An authenticated Cacti user can abuse graph creation functionality to write arbitrary PHP files to the web root, leading to remote code execution on the server. This affects all Cacti installations wi...
This SQL injection vulnerability in Cacti allows attackers to manipulate database queries through the automation_tree_rules.php interface. Attackers could potentially read, modify, or delete data from...
Cacti versions before 1.2.29 contain a SQL injection vulnerability in the host_templates.php template function via the graph_template parameter. This allows authenticated attackers to execute arbitrar...
This stored XSS vulnerability in Cacti allows authenticated users with external link creation privileges to inject malicious scripts into web pages. When other users view pages containing these manipu...
CVE-2024-31459 is a critical vulnerability in Cacti monitoring software that allows remote code execution through a combination of SQL injection and file inclusion flaws. Attackers can exploit this to...
This SQL injection vulnerability in Cacti allows authenticated users to execute arbitrary SQL commands, potentially leading to privilege escalation and remote code execution. It affects all Cacti inst...
CVE-2023-49084 is a vulnerability in Cacti that allows authenticated users to perform SQL injection and arbitrary code execution on the server through the link.php component. Attackers can exploit insuffic...
This CVE describes a privilege escalation vulnerability in Cacti where low-privileged Windows users can create arbitrary PHP files in web directories and execute them with SYSTEM privileges. Affected ...
CVE-2023-39357 is a SQL injection vulnerability in Cacti's sql_save function that allows authenticated users to execute arbitrary SQL commands. This can lead to privilege escalation and remote code ex...
This vulnerability allows authenticated privileged users in Cacti 1.2.24 to perform command injection through SNMP device configuration, leading to remote code execution on the underlying server. The ...
An authenticated SQL injection vulnerability in Cacti allows authenticated users to escalate privileges and execute arbitrary code remotely. The vulnerability affects Cacti versions before 1.2.25 thro...
CVE-2023-37543 is an Insecure Direct Object Reference (IDOR) vulnerability in Cacti that allows attackers to access any monitoring graph by manipulating the local_graph_id parameter in graph_xport.php...
CVE-2024-54145 is a SQL injection vulnerability in Cacti's automation_devices.php file that allows attackers to execute arbitrary SQL commands through the network parameter. This affects all Cacti adm...
This vulnerability in Cacti allows administrators to read arbitrary local files on the server by manipulating the Poller Standard Error Log Path parameter and accessing the Logs tab. The issue affects...
This stored XSS vulnerability in Cacti allows authenticated users with external link creation privileges to inject malicious scripts via the title parameter. When other users view the affected page, t...
CVE-2024-31443 is a cross-site scripting (XSS) vulnerability in Cacti's data query functionality. Attackers can inject malicious scripts that execute in users' browsers when viewing certain pages. Thi...
CVE-2024-29894 is a residual cross-site scripting (XSS) vulnerability in Cacti monitoring software that allows attackers to inject malicious JavaScript via unescaped PHP variables. This could enable i...