CVE-2025-24368 – Cacti has a SQL Injection vulnerability when using tree rules through Automation API
https://notcve.org/view.php?id=CVE-2025-24368
27 Jan 2025 — Cacti is an open source performance and fault management framework. Some of the data handled by automation_tree_rules.php is not thoroughly checked and is concatenated into the SQL statement built by the build_rule_item_filter() function in lib/api_automation.php, resulting in SQL injection. This vulnerability is fixed in 1.2.29. • https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2025-24367 – Cacti allows Arbitrary File Creation leading to RCE
https://notcve.org/view.php?id=CVE-2025-24367
27 Jan 2025 — Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29. • https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0 • CWE-144: Improper Neutralization of Line Delimiters •
CVE-2025-22604 – Cacti has Authenticated RCE via multi-line SNMP responses
https://notcve.org/view.php?id=CVE-2025-22604
27 Jan 2025 — Cacti is an open source performance and fault management framework. Due to a flaw in the multi-line SNMP result parser, authenticated users can inject malformed OIDs into the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), part of each OID is used as a key in an array that is later interpolated into a system command, resulting in command execution. This vulnerability is fixed in 1.2.29. • https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
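The entry above describes two separate weaknesses that combine: a line-oriented parser that trusts anything to the left of "=" as an OID, and a command built by string interpolation from a key derived from that OID. The following is an added example, not Cacti's code, written in Python rather than Cacti's PHP so it runs stand-alone. The snmpwalk-style sample output is constructed, the diskIOTable column numbers are illustrative, and the snmpget invocation is a stand-in for whatever command the real script runs. It contrasts the naive parse-and-interpolate pattern with a parser that validates OIDs, folds non-OID lines into the previous value as continuation lines, and builds an argv list instead of a shell string.

```python
import re

# Only dotted numeric OIDs are acceptable; anything else on the left of '='
# is not an OID line and must never become an array key.
OID_RE = re.compile(r"^\.?\d+(?:\.\d+)*$")
LINE_RE = re.compile(r"^(?P<oid>\S+)\s*=\s*(?P<type>[A-Za-z0-9-]+):\s*(?P<value>.*)$")

# Constructed snmpwalk-style output over UCD-SNMP diskIODevice. The value for
# index 2 contains an embedded newline, and its continuation line is crafted to
# look like a new OID line whose last component carries a shell metacharacter.
SAMPLE = """\
.1.3.6.1.4.1.2021.13.15.1.1.2.1 = STRING: "sda"
.1.3.6.1.4.1.2021.13.15.1.1.2.2 = STRING: "line one
.1.3.6.1.4.1.2021.13.15.1.1.2.3;id = STRING: "evil"
.1.3.6.1.4.1.2021.13.15.1.1.2.4 = STRING: "sdb"
"""

# Illustrative column OID (assumption, not taken from Cacti): the per-disk
# counter a script would fetch by index after parsing the device list.
COUNTER_OID = ".1.3.6.1.4.1.2021.13.15.1.1.6"


def parse_naive(text):
    """Flawed approach: treat every line as 'OID = TYPE: value' and use the
    last OID component as the key, with no check that it is numeric."""
    table = {}
    for line in text.splitlines():
        if " = " not in line:
            continue
        oid, _, rest = line.partition(" = ")
        table[oid.rsplit(".", 1)[-1]] = rest
    return table


def build_command_naive(host, community, index):
    """Shell command string; a key like '3;id' appends a second command."""
    return f"snmpget -v2c -c {community} {host} {COUNTER_OID}.{index}"


def parse_strict(text):
    """Accept only well-formed OID lines; fold anything else into the previous
    value as a continuation line, and key the table by integer index."""
    table, last = {}, None
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and OID_RE.match(m.group("oid")):
            last = int(m.group("oid").rsplit(".", 1)[-1])
            table[last] = m.group("value")
        elif last is not None:
            table[last] += "\n" + line
        else:
            raise ValueError(f"unparseable line: {line!r}")
    return table


def build_command_safe(host, community, index):
    """argv list (no shell) plus a type check on the index the key came from."""
    if not isinstance(index, int) or index < 0:
        raise ValueError(f"index must be a non-negative integer, got {index!r}")
    return ["snmpget", "-v2c", "-c", community, host, f"{COUNTER_OID}.{index}"]


def index_accepted(index):
    """True when the hardened builder will use this index in a command."""
    try:
        build_command_safe("h", "c", index)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    for idx in parse_naive(SAMPLE):
        print("naive :", build_command_naive("10.0.0.5", "public", idx))
    for idx in parse_strict(SAMPLE):
        print("strict:", build_command_safe("10.0.0.5", "public", idx))
```

With the sample input the naive path yields a key of `3;id` and a command line ending in `;id`; the strict parser keeps indexes 1, 2 and 4, with the injected line preserved harmlessly as part of the value for index 2.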
CVE-2024-54145 – Cacti has a SQL Injection vulnerability when requesting automation devices
https://notcve.org/view.php?id=CVE-2024-54145
27 Jan 2025 — Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability via the network parameter in the get_discovery_results function of automation_devices.php. This vulnerability is fixed in 1.2.29. • https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-54146 – Cacti has a SQL Injection vulnerability when viewing a host template
https://notcve.org/view.php?id=CVE-2024-54146
27 Jan 2025 — Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability via the graph_template parameter in the template function of host_templates.php. This vulnerability is fixed in 1.2.29. • https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
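The three SQL injection entries above (CVE-2025-24368, CVE-2024-54145, CVE-2024-54146) share one defect: a request parameter spliced into a query string. The following is an added example, not Cacti's code, written in Python with sqlite3 rather than Cacti's PHP so it runs stand-alone; the table, its columns and the shape of the rule-item filter are assumptions for illustration. It shows a WHERE-clause builder of the kind the tree-rule description implies, first concatenating user-supplied field, operator and value, then with field names and operators taken from allowlists and values bound as parameters. Identifiers cannot be bound as parameters, which is why the allowlist is needed in addition to placeholders.

```python
import sqlite3

# Constructed stand-in for a device table. Column names are an assumption for
# illustration and are not Cacti's real schema.
SCHEMA = """
CREATE TABLE host (id INTEGER PRIMARY KEY, hostname TEXT, description TEXT, disabled TEXT);
INSERT INTO host VALUES (1, 'core-sw1',  'Core switch',  '');
INSERT INTO host VALUES (2, 'edge-rtr1', 'Edge router',  'on');
INSERT INTO host VALUES (3, 'db01',      'Database',     '');
"""


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


# Vulnerable pattern: user-controlled (field, operator, value) rule items are
# concatenated straight into the WHERE clause.
def build_filter_vulnerable(rule_items):
    clauses = [f"{field} {op} '{value}'" for field, op, value in rule_items]
    return "SELECT id, hostname FROM host WHERE " + " AND ".join(clauses)


def query_vulnerable(conn, rule_items):
    return conn.execute(build_filter_vulnerable(rule_items)).fetchall()


# Hardened pattern: identifiers and operators come from allowlists, values are
# always bound through placeholders.
ALLOWED_FIELDS = {"hostname", "description", "disabled"}
ALLOWED_OPS = {"=": "=", "!=": "!=", "contains": "LIKE", "begins": "LIKE"}


def build_filter_safe(rule_items):
    if not rule_items:
        raise ValueError("at least one rule item is required")
    clauses, params = [], []
    for field, op, value in rule_items:
        if field not in ALLOWED_FIELDS:
            raise ValueError(f"field not allowed: {field!r}")
        if op not in ALLOWED_OPS:
            raise ValueError(f"operator not allowed: {op!r}")
        # LIKE wildcards are added by the server, never taken from the client.
        if op == "contains":
            value = f"%{value}%"
        elif op == "begins":
            value = f"{value}%"
        clauses.append(f"{field} {ALLOWED_OPS[op]} ?")
        params.append(value)
    return "SELECT id, hostname FROM host WHERE " + " AND ".join(clauses), params


def query_safe(conn, rule_items):
    sql, params = build_filter_safe(rule_items)
    return conn.execute(sql, params).fetchall()


def filter_rejected(rule_items):
    """True when the hardened builder refuses the rule items outright."""
    try:
        build_filter_safe(rule_items)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    conn = make_db()
    tautology = [("disabled", "=", "x' OR '1'='1")]
    print("vulnerable:", query_vulnerable(conn, tautology))  # every host leaks
    print("safe:      ", query_safe(conn, tautology))        # nothing matches
    print("field injection rejected:", filter_rejected([("1=1 OR id", "=", "1")]))
```

The tautology payload turns the concatenated query into `WHERE disabled = 'x' OR '1'='1'` and returns every row, while the bound version looks for a host whose disabled column literally equals the payload and returns none. Injection through the field position, which placeholders cannot protect, is caught by the allowlist.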
CVE-2024-45598 – Cacti has a Local File Inclusion (LFI) Vulnerability via Poller Standard Error Log Path
https://notcve.org/view.php?id=CVE-2024-45598
27 Jan 2025 — Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter, either in Installation Step 5 or in the Configuration->Settings->Paths tab, to point at an arbitrary local file on the server. Going to the Logs tab and selecting that file's name then displays its contents in the web UI. This vulnerability is fixed in 1.2.29. • https://github.com/Cacti/cacti/commit/eca52c6bb3e76c55d66b1040baa6dbf37471a0ae • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-43363 – Remote code execution via Log Poisoning in Cacti
https://notcve.org/view.php?id=CVE-2024-43363
07 Oct 2024 — Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing PHP code and repeat the installation process (completing only step 5 is enough; the steps before and after it need not be completed) to make a PHP file the Cacti log file. Once the malicious hostname has been written to the log (log poisoning), requesting the log file's URL executes the injected code, achieving RCE. This issue has been addresse... • https://github.com/p33d/CVE-2024-43363 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
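CVE-2024-45598 and CVE-2024-43363 both start from the same administrative setting: a log path that is accepted verbatim. The first reads an arbitrary file back through the Logs tab; the second writes a PHP file into the web root and poisons it through the device hostname. The following is an added example, not Cacti's code, written in Python rather than Cacti's PHP so it runs stand-alone. The directory layout, the log file suffix rule and the log excerpt are constructed assumptions. It shows the three checks a practitioner would want: confinement of the log path to the log directory with a suffix allowlist, hostname validation that refuses anything outside RFC 1123 names and IP literals, and a scan of existing log lines for PHP open tags as an indicator that poisoning was attempted before the fix.

```python
import ipaddress
import os
import re

# Constructed layout (assumption, not taken from any real install): Cacti under
# WEB_ROOT, poller logs expected under LOG_DIR.
WEB_ROOT = "/var/www/html/cacti"
LOG_DIR = os.path.join(WEB_ROOT, "log")
ALLOWED_LOG_SUFFIXES = (".log",)


def validate_log_path(candidate, log_dir=LOG_DIR):
    """Return the normalised absolute path if candidate names a .log file inside
    log_dir; reject traversal, absolute paths elsewhere and non-log suffixes."""
    base = os.path.realpath(log_dir)
    path = os.path.realpath(os.path.join(base, candidate))
    if os.path.commonpath([base, path]) != base or path == base:
        raise ValueError(f"log path escapes {log_dir}: {candidate!r}")
    if not path.lower().endswith(ALLOWED_LOG_SUFFIXES):
        raise ValueError(f"log path must end in {ALLOWED_LOG_SUFFIXES}: {candidate!r}")
    return path


def log_path_allowed(candidate, log_dir=LOG_DIR):
    try:
        validate_log_path(candidate, log_dir)
    except ValueError:
        return False
    return True


# RFC 1123 label: 1-63 chars of [A-Za-z0-9-], not starting or ending with '-'.
LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
HOSTNAME_RE = re.compile(rf"^(?=.{{1,253}}$){LABEL}(?:\.{LABEL})*\.?$")


def validate_hostname(candidate):
    """Accept an IP literal or an RFC 1123 hostname; anything else (spaces, '<',
    quotes, PHP tags) is refused before it can reach the log."""
    try:
        ipaddress.ip_address(candidate)
        return candidate
    except ValueError:
        pass
    if HOSTNAME_RE.match(candidate):
        return candidate
    raise ValueError(f"invalid hostname: {candidate!r}")


def hostname_allowed(candidate):
    try:
        validate_hostname(candidate)
    except ValueError:
        return False
    return True


# Detection side: a PHP open tag has no business in a poller log.
PHP_TAG_RE = re.compile(r"<\?")

# Constructed log excerpt (format approximated, not a real Cacti log).
SAMPLE_LOG = """\
2024/10/07 10:01:02 - SYSTEM STATS: Time:4.1 Method:cmd.php Processes:1 Threads:N/A Hosts:2
2024/10/07 10:03:15 - CMDPHP Device[7] Hostname[<?php system($_GET['c']); ?>] ERROR: SNMP timeout
2024/10/07 10:05:00 - SYSTEM STATS: Time:4.0 Method:cmd.php Processes:1 Threads:N/A Hosts:2
"""


def poisoned_lines(log_text):
    """Return (line_number, line) pairs carrying a PHP open tag."""
    return [(n, line) for n, line in enumerate(log_text.splitlines(), 1)
            if PHP_TAG_RE.search(line)]


if __name__ == "__main__":
    for p in ("cacti.log", "../index.php", "/etc/passwd", "shell.php"):
        print(f"log path {p!r:30} allowed={log_path_allowed(p)}")
    for h in ("core-sw1.example.net", "10.0.0.5", "<?php system($_GET['c']); ?>"):
        print(f"hostname {h!r:35} allowed={hostname_allowed(h)}")
    for n, line in poisoned_lines(SAMPLE_LOG):
        print(f"suspicious log line {n}: {line}")
```

The path check resolves the candidate relative to the log directory and compares the real paths, so `../index.php`, `/etc/passwd` and `cacti.log/../../../etc/passwd` are all refused regardless of how the traversal is spelled; `shell.php` is inside the directory but fails the suffix rule. A hostname check alone would not have prevented the file read, and a path check alone would not have kept PHP out of the log, which is why both belong together.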
CVE-2024-43365 – Stored Cross-site Scripting (XSS) when creating external links in Cacti
https://notcve.org/view.php?id=CVE-2024-43365
07 Oct 2024 — Cacti is an open source performance and fault management framework. The `consolenewsection` parameter is not properly sanitized when saving external links in links.php. Moreover, the `consolenewsection` parameter is stored in the database and reflected back to the user in `index.php`, leading to stored XSS. Users with the privilege to create external links can manipulate the `consolenewsection` parameter in the HTTP POST request while creating external links to perform stored XSS attacks. The vulnerab... • https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-43364 – Stored Cross-site Scripting (XSS) when creating external links in Cacti
https://notcve.org/view.php?id=CVE-2024-43364
07 Oct 2024 — Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php. Moreover, the `title` parameter is stored in the database and reflected back to the user in index.php, leading to stored XSS. Users with the privilege to create external links can manipulate the `title` parameter in the HTTP POST request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Script... • https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-43362 – Stored Cross-site Scripting (XSS) when creating external links in Cacti
https://notcve.org/view.php?id=CVE-2024-43362
07 Oct 2024 — Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php`. Moreover, the `fileurl` value is placed in HTML that is passed to the `print` function in `link.php` and `index.php`, leading to stored XSS. Users with the privilege to create external links can manipulate the `fileurl` parameter in the HTTP POST request while creating external links to perform stored XSS attacks. The vulnerability k... • https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
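The three external-link entries (CVE-2024-43365, CVE-2024-43364, CVE-2024-43362) are the same bug in three fields: stored values written into HTML without encoding. The `fileurl` case deserves one extra step, because it lands in an `href` attribute, where HTML encoding alone does not stop a `javascript:` URL. The following is an added example, not Cacti's code, written in Python rather than Cacti's PHP so it runs stand-alone; the markup shape and the http(s)-only rule for link targets are assumptions (a deployment that links to local include files would need a separate allowlist for relative paths). It renders a link the vulnerable way and the hardened way, with attribute-safe encoding for every field and a scheme check for the URL.

```python
import html
from urllib.parse import urlsplit

# Assumption for this example: external links must be absolute http(s) URLs.
ALLOWED_SCHEMES = {"http", "https"}


def render_link_vulnerable(title, fileurl, section):
    """Pattern the advisories describe: stored values dropped into HTML as-is.
    The markup shape is illustrative, not Cacti's."""
    return f'<li class="{section}"><a href="{fileurl}">{title}</a></li>'


def safe_fileurl(fileurl):
    """Accept only absolute http(s) URLs. Escaping would neutralise quotes and
    angle brackets but leave javascript:alert(1) a perfectly valid href."""
    fileurl = fileurl.strip()
    parts = urlsplit(fileurl)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        raise ValueError(f"disallowed link target: {fileurl!r}")
    return fileurl


def render_link_safe(title, fileurl, section):
    """Every field is encoded for an attribute/text context (quote=True turns
    both '\"' and \"'\" into entities); the URL is additionally scheme-checked."""
    def esc(s):
        return html.escape(s, quote=True)
    return (f'<li class="{esc(section)}">'
            f'<a href="{esc(safe_fileurl(fileurl))}">{esc(title)}</a></li>')


def link_accepted(title, fileurl, section):
    """True when the hardened renderer produces output for these values."""
    try:
        render_link_safe(title, fileurl, section)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    evil_title = "<script>alert(1)</script>"
    evil_section = 'Reports" onmouseover="alert(2)'
    print(render_link_vulnerable(evil_title, "https://example.com/", evil_section))
    print(render_link_safe(evil_title, "https://example.com/?a=1&b=2", evil_section))
    print("javascript: accepted:", link_accepted("t", "javascript:alert(1)", "s"))
```

The encoded output keeps the attacker's text visible as text (`&lt;script&gt;`) and keeps the injected quote inside the `class` attribute as `&quot;`, so no new attribute or tag is created; the `&` in the query string becomes `&amp;`, which is the correct encoding inside an attribute and decodes back to the original URL in the browser.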