Information on source package cacti

Available versions

Release | Version
buster | 1.2.2+ds1-2+deb10u4
buster (security) | 1.2.2+ds1-2+deb10u6
bullseye | 1.2.16+ds1-2+deb11u2
bookworm | 1.2.24+ds1-1+deb12u1
trixie | 1.2.26+ds1-1
sid | 1.2.26+ds1-1

Open issues

Bug | buster | bullseye | bookworm | trixie | sid | Description
CVE-2023-50569 | fixed | fixed | vulnerable | fixed | fixed | Reflected Cross Site Scripting (XSS) vulnerability in Cacti v1.2.25, a ...
CVE-2023-50250 | fixed | fixed | vulnerable | fixed | fixed | Cacti is an open source operational monitoring and fault management fr ...
CVE-2023-49088 | fixed | vulnerable | vulnerable | fixed | fixed | Cacti is an open source operational monitoring and fault management fr ...
CVE-2023-49086 | fixed | vulnerable | vulnerable | fixed | fixed | Cacti is a robust performance and fault management framework and a fro ...
CVE-2023-49085 | fixed | vulnerable | vulnerable | fixed | fixed | Cacti provides an operational monitoring and fault management framewor ...
CVE-2023-49084 | fixed | vulnerable | vulnerable | fixed | fixed | Cacti is a robust performance and fault management framework and a fro ...
CVE-2023-46490 | fixed | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker ...
CVE-2023-39513 | fixed | vulnerable | vulnerable | fixed | fixed | Cacti is an open source operational monitoring and fault management fr ...
CVE-2023-39360 | fixed | vulnerable | vulnerable | fixed | fixed | Cacti is an open source operational monitoring and fault management fr ...
CVE-2023-37543 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for ...
CVE-2023-30534 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | Cacti is an open source operational monitoring and fault management fr ...
CVE-2022-41444 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted P ...

Open unimportant issues

Bug | buster | bullseye | bookworm | trixie | sid | Description
CVE-2022-48538 | vulnerable | vulnerable | fixed | fixed | fixed | In Cacti 1.2.19, there is an authentication bypass in the web login fu ...
CVE-2020-7058 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | data_input.php in Cacti 1.2.8 allows remote code execution via a craft ...

Resolved issues

Bug | Description
TEMP-0000000-F32736 | SQL Injection Vulnerability in graph items and graph template items
TEMP-0000000-F6033C | SQL Injection in data_templates.php
TEMP-0000000-EFA573 | SQL Injection Vulnerability in data sources
TEMP-0000000-E43D47 | SQL Injection in cdef.php
TEMP-0000000-AA638E | SQL Injection in graph_templates.php
TEMP-0000000-018938 | SQL Injection in host_templates.php
CVE-2023-51448 | Cacti provides an operational monitoring and fault management framewor ...
CVE-2023-39516 | Cacti is an open source operational monitoring and fault management fr ...
CVE-2023-39515 | Cacti is an open source operational monitoring and fault management fr ...
CVE-2023-39514 | Cacti is an open source operational monitoring and fault management fr ...
CVE-2023-39512 | Cacti is an open source operational monitoring and fault management fr ...
CVE-2023-39511 | Cacti is an open source operational monitoring and fault management fr ...
CVE-2023-39510 | Cacti is an open source operational monitoring and fault management fr ...
CVE-2023-39366 | Cacti is an open source operational monitoring and fault management fr ...
CVE-2023-39365 | Cacti is an open source operational monitoring and fault management fr ...
CVE-2023-39364 | Cacti is an open source operational monitoring and fault management fr ...
CVE-2023-39362 | Cacti is an open source operational monitoring and fault management fr ...
CVE-2023-39361 | Cacti is an open source operational monitoring and fault management fr ...
CVE-2023-39359 | Cacti is an open source operational monitoring and fault management fr ...
CVE-2023-39358 | Cacti is an open source operational monitoring and fault management fr ...
CVE-2023-39357 | Cacti is an open source operational monitoring and fault management fr ...
CVE-2023-31132 | Cacti is an open source operational monitoring and fault management fr ...
CVE-2022-48547 | A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g a ...
CVE-2022-46169 | Cacti is an open source platform which provides a robust and extensibl ...
CVE-2022-0730 | Under certain ldap conditions, Cacti authentication can be bypassed wi ...
CVE-2021-26247 | As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_c ...
CVE-2021-23225 | Cacti 1.1.38 allows authenticated users with User Management permissio ...
CVE-2021-3816 | Cacti 1.1.38 allows authenticated users with User Management permissio ...
CVE-2020-35701 | An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection ...
CVE-2020-25706 | A cross-site scripting (XSS) vulnerability exists in templates_import. ...
CVE-2020-23226 | Multiple Cross Site Scripting (XSS) vulnerabilities exist in Cacti 1. ...
CVE-2020-14424 | Cacti before 1.2.18 allows remote attackers to trigger XSS via templat ...
CVE-2020-14295 | A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to ...
CVE-2020-13231 | In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for a ...
CVE-2020-13230 | In Cacti before 1.2.11, disabling a user account does not immediately ...
CVE-2020-8813 | graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute a ...
CVE-2020-7237 | Cacti 1.2.8 allows Remote Code Execution (by privileged users) via she ...
CVE-2020-7106 | Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.p ...
CVE-2019-17358 | Cacti through 1.2.7 is affected by multiple instances of lib/functions ...
CVE-2019-17357 | Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injec ...
CVE-2019-16723 | In Cacti through 1.2.6, authenticated users may bypass authorization c ...
CVE-2019-11025 | In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping o ...
CVE-2018-20726 | A cross-site scripting (XSS) vulnerability exists in host.php (via tre ...
CVE-2018-20725 | A cross-site scripting (XSS) vulnerability exists in graph_templates.p ...
CVE-2018-20724 | A cross-site scripting (XSS) vulnerability exists in pollers.php in Ca ...
CVE-2018-20723 | A cross-site scripting (XSS) vulnerability exists in color_templates.p ...
CVE-2018-10061 | Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars ...
CVE-2018-10060 | Cacti before 1.1.37 has XSS because it does not properly reject uninte ...
CVE-2018-10059 | Cacti before 1.1.37 has XSS because the get_current_page function in l ...
CVE-2017-1000032 | Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remot ...
CVE-2017-1000031 | SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8 ...
CVE-2017-16785 | Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.
CVE-2017-16661 | Cacti 1.1.27 allows remote authenticated administrators to read arbitr ...
CVE-2017-16660 | Cacti 1.1.27 allows remote authenticated administrators to conduct Rem ...
CVE-2017-16641 | lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators ...
CVE-2017-15194 | include/global_session.php in Cacti 1.1.25 has XSS related to (1) the ...
CVE-2017-12978 | lib/html.php in Cacti before 1.1.18 has XSS via the title field of an ...
CVE-2017-12927 | A cross-site scripting vulnerability exists in Cacti 1.1.17 in the met ...
CVE-2017-12066 | Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Ca ...
CVE-2017-12065 | spikekill.php in Cacti before 1.1.16 might allow remote attackers to e ...
CVE-2017-11691 | Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti ...
CVE-2017-11163 | Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Ca ...
CVE-2017-10970 | Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 a ...
CVE-2016-10700 | auth_login.php in Cacti before 1.0.0 allows remote authenticated users ...
CVE-2016-3659 | SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows ...
CVE-2016-3172 | SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier al ...
CVE-2016-2313 | auth_login.php in Cacti before 0.8.8g allows remote authenticated user ...
CVE-2015-8604 | SQL injection vulnerability in the host_new_graphs function in graphs_ ...
CVE-2015-8377 | SQL injection vulnerability in the host_new_graphs_save function in gr ...
CVE-2015-8369 | SQL injection vulnerability in include/top_graph_header.php in Cacti 0 ...
CVE-2015-4634 | SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allow ...
CVE-2015-4454 | SQL injection vulnerability in the get_hash_graph_template function in ...
CVE-2015-4342 | SQL injection vulnerability in Cacti before 0.8.8d allows remote attac ...
CVE-2015-2967 | Cross-site scripting (XSS) vulnerability in settings.php in Cacti befo ...
CVE-2015-2665 | Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows ...
CVE-2015-0916 | SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows ...
CVE-2014-5262 | SQL injection vulnerability in the graph settings script (graph_settin ...
CVE-2014-5261 | The graph settings script (graph_settings.php) in Cacti 0.8.8b and ear ...
CVE-2014-5026 | Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b al ...
CVE-2014-5025 | Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti ...
CVE-2014-4002 | Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b al ...
CVE-2014-4000 | Cacti before 1.0.0 allows remote authenticated users to conduct PHP ob ...
CVE-2014-2709 | lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attacke ...
CVE-2014-2708 | Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8 ...
CVE-2014-2328 | lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remot ...
CVE-2014-2327 | Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8 ...
CVE-2014-2326 | Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, ...
CVE-2013-7464 | In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not confi ...
CVE-2013-5589 | SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earl ...
CVE-2013-5588 | Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b an ...
CVE-2013-1435 | (1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allows remote atta ...
CVE-2013-1434 | Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) u ...
CVE-2011-5223 | Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti ...
CVE-2011-4824 | SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h a ...
CVE-2010-2545 | Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0. ...
CVE-2010-2544 | Cross-site scripting (XSS) vulnerability in utilities.php in Cacti bef ...
CVE-2010-2543 | Cross-site scripting (XSS) vulnerability in include/top_graph_header.p ...
CVE-2010-2092 | SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier a ...
CVE-2010-1645 | Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HP ...
CVE-2010-1644 | Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0. ...
CVE-2010-1431 | SQL injection vulnerability in templates_export.php in Cacti 0.8.7e an ...
CVE-2009-4112 | Cacti 0.8.7e and earlier allows remote authenticated administrators to ...
CVE-2009-4032 | Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e al ...
CVE-2008-0786 | CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 be ...
CVE-2008-0785 | Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b an ...
CVE-2008-0784 | graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows ...
CVE-2008-0783 | Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 bef ...
CVE-2007-6035 | SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows ...
CVE-2007-3113 | Cacti 0.8.6i, and possibly other versions, allows remote authenticated ...
CVE-2007-3112 | graph_image.php in Cacti 0.8.6i, and possibly other versions, allows r ...
CVE-2006-6799 | SQL injection vulnerability in Cacti 0.8.6i and earlier, when register ...
CVE-2006-0806 | Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as ...
CVE-2006-0410 | SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQ ...
CVE-2006-0147 | Dynamic code evaluation vulnerability in tests/tmssql.php test script ...
CVE-2006-0146 | The server.php test script in ADOdb for PHP before 4.70, as used in mu ...
CVE-2005-2149 | config.php in Cacti 0.8.6e and earlier allows remote attackers to set ...
CVE-2005-2148 | Cacti 0.8.6e and earlier does not perform proper input validation to p ...
CVE-2005-1526 | PHP remote file inclusion vulnerability in config_settings.php in Cact ...
CVE-2005-1525 | SQL injection vulnerability in config_settings.php for Cacti before 0. ...
CVE-2005-1524 | PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8. ...
CVE-2004-1737 | SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows r ...
CVE-2004-1736 | Cacti 0.8.5a allows remote attackers to gain sensitive information via ...
CVE-2002-1479 | Cacti before 0.6.8 stores a MySQL username and password in plaintext i ...
CVE-2002-1478 | Cacti before 0.6.8 allows attackers to execute arbitrary commands via ...
CVE-2002-1477 | graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti adm ...

Security announcements

DSA / DLA | Description
DLA-3765-1 | cacti - security update
DSA-5550-1 | cacti - security update
DLA-3252-1 | cacti - security update
DSA-5298-1 | cacti - security update
DLA-2965-1 | cacti - security update
DSA-4604-1 | cacti - security update
DLA-2069-1 | cacti - security update
DLA-2032-1 | cacti - security update
DLA-1757-1 | cacti - security update
DLA-560-2 | cacti - regression update
DLA-560-1 | cacti - security update
DSA-3494-1 | cacti - security update
DLA-386-1 | cacti - security update
DLA-374-3 | cacti - regression update
DLA-374-2 | cacti - regression update
DLA-374-1 | cacti - security update
DSA-3423-1 | cacti - security update
DSA-3312-1 | cacti - security update
DLA-278-2 | cacti - regression update
DLA-278-1 | cacti - security update
DLA-255-1 | cacti - security update
DSA-3295-1 | cacti - security update
DLA-40-1 | cacti - security update
DSA-3007-1 | cacti - security update
DSA-2970-1 | cacti - security update
DSA-2747-1 | cacti - several
DSA-2739-1 | cacti - several
DSA-2384-2 | cacti - several
DSA-2384-1 | cacti - several
DSA-2060-1 | cacti - SQL injection
DSA-2039-1 | cacti - missing input sanitising
DSA-1954-1 | cacti - insufficient input sanitising
DSA-1569-1 | cacti - multiple vulnerabilities
DSA-1418-1 | cacti - SQL injection
DSA-1250-1 | cacti
DSA-1031-1 | cacti - several
DSA-764-1 | cacti - several
DSA-164 | cacti - arbitrary code execution
