
CVE-2024-43362 – Stored Cross-site Scripting (XSS) when creating external links in Cacti
https://notcve.org/view.php?id=CVE-2024-43362
07 Oct 2024 — Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php`. Moreover, the saved `fileurl` is placed in HTML code that is passed to the `print` function in `link.php` and `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `fileurl` parameter in the HTTP POST request while creating external links to perform stored XSS attacks. The vulnerability k... • https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-34340 – Authentication Bypass when using older password hashes
https://notcve.org/view.php?id=CVE-2024-34340
13 May 2024 — Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` uses `password_hash` if it is available, otherwise `md5`. When verifying a password, it calls `compat_password_verify`. In `compat_password_verify`, `password_verify` is called if it is available, otherwise `md5` is used. • https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m • CWE-287: Improper Authentication • CWE-697: Incorrect Comparison •

CVE-2024-31460 – Cacti SQL Injection vulnerability in lib/api_automation.php caused by reading dirty data stored in database
https://notcve.org/view.php?id=CVE-2024-31460
13 May 2024 — Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored by `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in the `create_all_header_nodes()` function from `lib/api_automation.php`, finally resulting in SQL injection. Using SQL-based secondary (second-order) injection, attackers can modify the contents of the Cacti database, and based on the modified content, it may be possible to achieve further im... • https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-31459 – Cacti RCE vulnerability by file include in lib/plugin.php
https://notcve.org/view.php?id=CVE-2024-31459
13 May 2024 — Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabilities, remote code execution can be achieved. The file inclusion issue is in the `api_plugin_hook()` function in the `lib/plugin.php` file, which reads the `plugin_hooks` and `plugin_config` tables in the database. The data read is directly used to concatenate the file path that is then used for file inclusion. • https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVE-2024-31458 – Cacti SQL Injection vulnerability in lib/html_form_templates.php by reading dirty data stored in database
https://notcve.org/view.php?id=CVE-2024-31458
13 May 2024 — Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored by the `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement in the `draw_nontemplated_fields_graph_item()` function from `lib/html_form_templates.php`, finally resulting in SQL injection. Version 1.2.27 contains a patch for the issue. • https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-31445 – SQL Injection vulnerability in automation_get_new_graphs_sql
https://notcve.org/view.php?id=CVE-2024-31445
13 May 2024 — Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in the `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. In `api_automation.php` line 856, the value of `get_request_var('filter')` is concatenated into the SQL statement without any sanitization. In `api_automation.php` line 717, the filter o... • https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L717 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-31444 – Cacti XSS vulnerability in lib/html.php by reading dirty data stored in database
https://notcve.org/view.php?id=CVE-2024-31444
13 May 2024 — Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored by the `automation_tree_rules_form_save()` function in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the HTML statement in the `form_confirm()` function from `lib/html.php`, finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue. • https://github.com/Cacti/cacti/security/advisories/GHSA-p4ch-7hjw-6m87 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-31443 – Cacti XSS vulnerability in lib/html_tree.php by reading dirty data stored in database
https://notcve.org/view.php?id=CVE-2024-31443
13 May 2024 — Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored by the `form_save()` function in `data_queries.php` is not thoroughly checked and is used to concatenate the HTML statement in the `grow_right_pane_tree()` function from `lib/html.php`, finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue. • https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-30268 – Cacti XSS vulnerability in display_settings
https://notcve.org/view.php?id=CVE-2024-30268
13 May 2024 — Cacti provides an operational monitoring and fault management framework. A reflected cross-site scripting vulnerability on the 1.3.x DEV branch allows attackers to obtain the cookies of the administrator and other users and forge their login using the obtained cookies. This issue is fixed in commit a38b9046e9772612fda847b46308f9391a49891e. • https://github.com/Cacti/cacti/blob/08497b8bcc6a6037f7b1aae303ad8f7dfaf7364e/settings.php#L66 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-29895 – Cacti command injection in cmd_realtime.php
https://notcve.org/view.php?id=CVE-2024-29895
13 May 2024 — Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary commands on the server when the `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php` line 119, the `$poller_id` used as part of the command execution is sourced from `$_SERVER['argv']`, which can be controlled via the URL when the `register_argc_argv` option of PHP is `On`. This option is `On` by default in many environment... • https://github.com/Stuub/CVE-2024-29895-CactiRCE-PoC • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •