CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-66399 – SNMP Command Injection leads to RCE in Cacti
https://notcve.org/view.php?id=CVE-2025-66399
02 Dec 2025 — Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters (including newlines) that are accepted, stored verbatim in the database, and later embedded into backend SNMP operations. In environments where downstream SNMP tooling or wrappers interpret newline-separated tokens as command boundaries, this ca... • https://github.com/Cacti/cacti/security/advisories/GHSA-c7rr-2h93-7gjf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 54%CPEs: 1EXPL: 3CVE-2005-10004 – Cacti graph_view.php RCE via graph_start Parameter Injection
https://notcve.org/view.php?id=CVE-2005-10004
30 Aug 2025 — Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute commands on the underlying operating system with the privileges of the web server process, potentially compromising system integrity. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/cacti_graphimage_exec.rb • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26520
https://notcve.org/view.php?id=CVE-2025-26520
12 Feb 2025 — Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146. • https://github.com/Cacti/cacti/commit/7fa60c03ad4a69c701ac6b77c85a8927df7acd51 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24368 – Cacti has a SQL Injection vulnerability when using tree rules through Automation API
https://notcve.org/view.php?id=CVE-2025-24368
27 Jan 2025 — Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in build_rule_item_filter() function from lib/api_automation.php, resulting in SQL injection. This vulnerability is fixed in 1.2.29. Multiple security vulnerabilities have been discovered in Cacti, a web interface for graphing of monitoring systems, which could result in cross-site scripting, SQL injection, or command ... • https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 56%CPEs: 1EXPL: 3CVE-2025-24367 – Cacti allows Arbitrary File Creation leading to RCE
https://notcve.org/view.php?id=CVE-2025-24367
27 Jan 2025 — Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29. Multiple security vulnerabilities have been discovered in Cacti, a web interface for graphing of monitoring systems, which could result in cross-site scripting, SQL injection, or command injection. • https://packetstorm.news/files/id/211135 • CWE-144: Improper Neutralization of Line Delimiters •
CVSS: 9.1EPSS: 54%CPEs: 1EXPL: 1CVE-2025-22604 – Cacti has Authenticated RCE via multi-line SNMP responses
https://notcve.org/view.php?id=CVE-2025-22604
27 Jan 2025 — Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. This vulnerability is fixed in 1.2.29. Multiple security vulnerabilities have been discovered in Cacti, a web interface for gr... • https://github.com/ishwardeepp/CVE-2025-22604-Cacti-RCE • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54145 – Cacti has a SQL Injection vulnerability when request automation devices
https://notcve.org/view.php?id=CVE-2024-54145
27 Jan 2025 — Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29. Multiple security vulnerabilities have been discovered in Cacti, a web interface for graphing of monitoring systems, which could result in cross-site scripting, SQL injection, or command injection. • https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.0EPSS: 1%CPEs: 1EXPL: 0CVE-2024-54146 – Cacti has a SQL Injection vulnerability when view host template
https://notcve.org/view.php?id=CVE-2024-54146
27 Jan 2025 — Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the template function of host_templates.php using the graph_template parameter. This vulnerability is fixed in 1.2.29. • https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45598 – Cacti has a Local File Inclusion (LFI) Vulnerability via Poller Standard Error Log Path
https://notcve.org/view.php?id=CVE-2024-45598
27 Jan 2025 — Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in Configuration->Settings->Paths tab to a local file inside the server. Then simply going to Logs tab and selecting the name of the local file will show its content on the web UI. This vulnerability is fixed in 1.2.29. Multiple security vulnerabilities have been discovered in Cacti, a web interface for graphing of mo... • https://github.com/Cacti/cacti/commit/eca52c6bb3e76c55d66b1040baa6dbf37471a0ae • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.3EPSS: 70%CPEs: 1EXPL: 1CVE-2024-43363 – Remote code execution via Log Poisoning in Cacti
https://notcve.org/view.php?id=CVE-2024-43363
07 Oct 2024 — Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addresse... • https://github.com/p33d/CVE-2024-43363 • CWE-94: Improper Control of Generation of Code ('Code Injection') •