CVE-2022-41444
https://notcve.org/view.php?id=CVE-2022-41444
Cross-Site Scripting (XSS) vulnerability in Cacti 1.2.21 via a crafted POST request to graphs_new.php.
References: https://gist.github.com/enferas/9079535112e4f4ff2c1d2ce1c099d4c2
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-46169 – Cacti Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2022-46169
Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions, a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti if a specific data source was selected for any monitored device. The vulnerability resides in the `remote_agent.php` file, which can be accessed without authentication. The affected function in that file retrieves the IP address of the client via `get_client_addr` and resolves this IP address to the corresponding hostname via `gethostbyaddr`.
References:
https://www.exploit-db.com/exploits/51166
https://github.com/0xf4n9x/CVE-2022-46169
https://github.com/sAsPeCt488/CVE-2022-46169
https://github.com/FredBrave/CVE-2022-46169-CACTI-1.2.22
https://github.com/c3rrberu5/CVE-2022-46169
https://github.com/Inplex-sys/CVE-2022-46169
https://github.com/taythebot/CVE-2022-46169
https://github.com/Habib0x0/CVE-2022-46169
https://github.com/ruycr4ft/CVE-2022-46169
https://github.com/a1665454764/CVE-2022-46169
https://github&
CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-863: Incorrect Authorization