CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34340 – Authentication Bypass when using using older password hashes
https://notcve.org/view.php?id=CVE-2024-34340
13 May 2024 — Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` use `password_hash` if there is it, else use `md5`. When verifying password, it calls `compat_password_verify`. In `compat_password_verify`, `password_verify` is called if there is it, else use `md5`. • https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m • CWE-287: Improper Authentication CWE-697: Incorrect Comparison •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31460 – Cacti SQL Injection vulnerability in lib/api_automation.php caused by reading dirty data stored in database
https://notcve.org/view.php?id=CVE-2024-31460
13 May 2024 — Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in `create_all_header_nodes()` function from `lib/api_automation.php` , finally resulting in SQL injection. Using SQL based secondary injection technology, attackers can modify the contents of the Cacti database, and based on the modified content, it may be possible to achieve further im... • https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31459 – Cacti RCE vulnerability by file include in lib/plugin.php
https://notcve.org/view.php?id=CVE-2024-31459
13 May 2024 — Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue with the `api_plugin_hook()` function in the `lib/plugin.php` file, which reads the plugin_hooks and plugin_config tables in database. The read data is directly used to concatenate the file path which is used for file inclusion. • https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31458 – Cacti SQL Injection vulnerability in lib/html_form_templates.php by reading dirty data stored in database
https://notcve.org/view.php?id=CVE-2024-31458
13 May 2024 — Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement in `draw_nontemplated_fields_graph_item()` function from `lib/html_form_templates.php` , finally resulting in SQL injection. Version 1.2.27 contains a patch for the issue. Cacti proporciona un framework de monitoreo operativo y gestión de fallas. Antes de la ver... • https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31445 – SQL Injection vulnerability in automation_get_new_graphs_sql
https://notcve.org/view.php?id=CVE-2024-31445
13 May 2024 — Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. In `api_automation.php` line 856, the `get_request_var('filter')` is being concatenated into the SQL statement without any sanitization. In `api_automation.php` line 717, The filter o... • https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L717 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31444 – Cacti XSS vulnerability in lib/html.php by reading dirty data stored in database
https://notcve.org/view.php?id=CVE-2024-31444
13 May 2024 — Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules_form_save()` function in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the HTML statement in `form_confirm()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue. Cacti proporciona un framework de monitoreo operativo y gestión de fallas. Antes de la versión 1.2... • https://github.com/Cacti/cacti/security/advisories/GHSA-p4ch-7hjw-6m87 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31443 – Cacti XSS vulnerability in lib/html_tree.php by reading dirty data stored in database
https://notcve.org/view.php?id=CVE-2024-31443
13 May 2024 — Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in `form_save()` function in `data_queries.php` is not thoroughly checked and is used to concatenate the HTML statement in `grow_right_pane_tree()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue. Cacti proporciona un framework de monitoreo operativo y gestión de fallas. Antes de 1.2.27, algunos de los datos almacenados en l... • https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29894 – Cacti Cross-site Scripting vulnerability when using JavaScript based messaging API
https://notcve.org/view.php?id=CVE-2024-29894
13 May 2024 — Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. `raise_message_javascript` from `lib/functions.php` now uses purify.js to fix CVE-2023-50250 (among others). However, it still generates the code out of unescaped PHP variables `$title` and `$header`. If those variables contain single quotes, they can be used to inject JavaScript code. • https://github.com/Cacti/cacti/security/advisories/GHSA-grj5-8fcj-34gh • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-116: Improper Encoding or Escaping of Output •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27082 – Cacti Cross-site Scripting vulnerability when managing trees
https://notcve.org/view.php?id=CVE-2024-27082
13 May 2024 — Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 are vulnerable to stored cross-site scripting, a type of cross-site scripting where malicious scripts are permanently stored on a target server and served to users who access a particular page. Version 1.2.27 contains a patch for the issue. Cacti proporciona un framework de monitoreo operativo y gestión de fallas. Las versiones de Cacti anteriores a la 1.2.27 son vulnerables a Cross Site Scripting alma... • https://github.com/Cacti/cacti/security/advisories/GHSA-j868-7vjp-rp9h • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 1%CPEs: 1EXPL: 9CVE-2024-25641 – Cacti RCE vulnerability when importing packages
https://notcve.org/view.php?id=CVE-2024-25641
13 May 2024 — Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and write... • https://packetstorm.news/files/id/179082 • CWE-20: Improper Input Validation •