CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-7058
https://notcve.org/view.php?id=CVE-2020-7058
data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. NOTE: the vendor has stated "This is a false alarm. ** EN DISPUTA** el archivo data_input.php en Cacti versión 1.2.8, permite una ejecución de código remota por medio de una Cadena de Entrada diseñada en Data Collection-) Data Input Methods -) Unix -) Ping Host. NOTA: el vendedor ha declarado "Esto es una falsa alarma". • https://github.com/Cacti/cacti/issues/3186 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 1CVE-2019-17358
https://notcve.org/view.php?id=CVE-2019-17358
Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module. Cacti versiones hasta 1.2.7, está afectado por múltiples instancias de deserialización no segura de la biblioteca lib/functions.php de datos controlados por parte del usuario para llenar matrices. Un atacante autenticado podría usar esto para influir en los valores de los datos del objeto y controlar las acciones tomadas por Cacti o potencialmente causar una corrupción de la memoria en el módulo PHP. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html https://bugzilla.suse.com/show_bug.cgi?id=CVE-2019-17358 https://github.com/Cacti/cacti/blob/79f29cddb5eb05cbaff486cd634285ef1fed9326/lib/functions.php#L3109 https://github.com/Cacti/cacti/commit/adf221344359f5b02b8aed4 • CWE-502: Deserialization of Untrusted Data CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16723
https://notcve.org/view.php?id=CVE-2019-16723
In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter. En Cacti versiones hasta 1.2.6, los usuarios autenticados pueden omitir las comprobaciones de autorización (para visualizar un gráfico) por medio de una petición directa del archivo graph_json.php con un parámetro local_graph_id modificado. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html https://github.com/Cacti/cacti/issues/2964 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZO3ROHHPKLH2JRW7ES5FYSQTWIPNVLQB https://lists.fedoraproject.org/archives/list/package • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 1CVE-2019-11025
https://notcve.org/view.php?id=CVE-2019-11025
In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS. En clearFilter() en utilities.php en Cacti versiones anteriores a 1.2.3, no se produce ningún escape antes de imprimir el valor de la cadena de comunidad SNMP (Opciones SNMP) en la caché View poller, lo que conduce a XSS. • https://github.com/Cacti/cacti/compare/6ea486a...99995bb https://github.com/Cacti/cacti/issues/2581 https://lists.debian.org/debian-lts-announce/2019/04/msg00017.html https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20724
https://notcve.org/view.php?id=CVE-2018-20724
A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors. Existe una vulnerabilidad Cross-Site Scripting (XSS) en pollers.php en Cacti, en versiones anteriores a la 1.2.0, debido a la falta de escapado de caracteres no planeados en el campo nombre de host del sitio web para los recolectores de datos. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html https://github.com/Cacti/cacti/blob/develop/CHANGELOG https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53 https://github.com/Cacti/cacti/issues/2212 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •