CVE-2022-46169 – Cacti Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2022-46169
Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device. The vulnerability resides in the `remote_agent.php` file. This file can be accessed without authentication. This function retrieves the IP address of the client via `get_client_addr` and resolves this IP address to the corresponding hostname via `gethostbyaddr`. • https://www.exploit-db.com/exploits/51166 https://github.com/0xf4n9x/CVE-2022-46169 https://github.com/sAsPeCt488/CVE-2022-46169 https://github.com/FredBrave/CVE-2022-46169-CACTI-1.2.22 https://github.com/c3rrberu5/CVE-2022-46169 https://github.com/Inplex-sys/CVE-2022-46169 https://github.com/taythebot/CVE-2022-46169 https://github.com/Habib0x0/CVE-2022-46169 https://github.com/ruycr4ft/CVE-2022-46169 https://github.com/a1665454764/CVE-2022-46169 https://github& • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-863: Incorrect Authorization •
CVE-2020-14424
https://notcve.org/view.php?id=CVE-2020-14424
Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme. Cacti versiones anteriores a 1.2.18, permite a atacantes remotos desencadenar un ataque de tipo XSS por medio de la importación de plantillas para el tema midwinter • https://bugzilla.redhat.com/show_bug.cgi?id=2001016 https://github.com/Cacti/cacti/pull/4261 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-13231
https://notcve.org/view.php?id=CVE-2020-13231
In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change. En Cacti versiones anteriores a 1.2.11, auth_profile.php?action=edit permite un ataque de tipo CSRF para un cambio de correo electrónico de administrador. • https://github.com/Cacti/cacti/issues/3342 https://github.com/Cacti/cacti/releases/tag/release%2F1.2.11 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICJMWSY77IIGZYR6FE6NAQZFBO42VECO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q3PCDGNELH7HEBIXRNT5J5EWQEXQAU6B • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2020-13230
https://notcve.org/view.php?id=CVE-2020-13230
In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs). En Cacti versiones anteriores a 1.2.11, deshabilita una cuenta de usuario que no invalida inmediatamente los permisos concedidos a dicha cuenta (por ejemplo, el permiso para visualizar los registros). • https://github.com/Cacti/cacti/issues/3343 https://github.com/Cacti/cacti/releases/tag/release%2F1.2.11 https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICJMWSY77IIGZYR6FE6NAQZFBO42VECO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q3PCDGNELH7HEBIXRNT5J5EWQEXQAU6B • CWE-281: Improper Preservation of Permissions •
CVE-2019-17357
https://notcve.org/view.php?id=CVE-2019-17357
Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery. Cacti versiones hasta 1.2.7, está afectado por una vulnerabilidad de inyección SQL de graphs.php?template_id= afectando la forma en que son manejados los identificadores de plantilla cuando una cadena y un valor compuesto de id son usados para identificar el tipo de plantilla y la identificación. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947374 https://github.com/Cacti/cacti/issues/3025 https://security.gentoo.org/glsa/202003-40 https://www.darkmatter.ae/xen1thlabs • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •