CVE-2020-35701 | AVG-1433 | High | Yes | Arbitrary code execution | An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute... |
CVE-2017-16785 | AVG-537 | High | Yes | Cross-site scripting | Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. |
CVE-2017-16661 | AVG-537 | Medium | Yes | Arbitrary filesystem access | Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a... |
CVE-2017-16660 | AVG-537 | High | Yes | Arbitrary code execution | Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making... |
CVE-2017-16641 | AVG-537 | High | Yes | Arbitrary command execution | lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save... |
CVE-2017-11691 | AVG-365 | Medium | Yes | Cross-site scripting | A cross-site scripting vulnerability has been found in Cacti <= 1.1.13, in the user profile management page (auth_profile.php), allowing inject arbitrary... |