Cacti
Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters (including newlines) that are accepted, stored verbatim in the database, and later embedded into backend SNMP operations. In environments where downstream SNMP tooling or wrappers interpret newline-separated tokens as command boundaries, this can lead to unintended command execution with the privileges of the Cacti process. This vulnerability is fixed in 1.2.29.
Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable with low attack complexity.
Cacti is an open source performance and fault management framework. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available.
Cacti monitoring platform prior to version 1.2.29 allows authenticated users to achieve remote code execution through the graph creation and template functionality. Attackers abuse the graphing engine to create arbitrary PHP scripts in the web root, escalating from monitoring access to full server control.
Cacti versions prior to 1.2.29 contain an authenticated command injection through the SNMP result parser. By injecting malformed OIDs into SNMP responses, authenticated users can execute arbitrary system commands when the results are processed by the ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes() functions.
Cacti is an open source performance and fault management framework. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available.
Cacti is an open source performance and fault management framework. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available.
Cacti is an open source performance and fault management framework. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available.