cacti

Description: Complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality.
Version: 1.1.38-1 [community]

Resolved

Group    Affected  Fixed     Severity  Status  Ticket
AVG-537  1.1.17-1  1.1.28-1  High      Fixed
AVG-365  1.1.13-1  1.1.14-1  Medium    Fixed
Issue           Group    Severity  Remote  Type
CVE-2017-16785  AVG-537  High      Yes     Cross-site scripting
    Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.
CVE-2017-16661  AVG-537  Medium    Yes     Arbitrary filesystem access
    Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a...
CVE-2017-16660  AVG-537  High      Yes     Arbitrary code execution
    Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making...
CVE-2017-16641  AVG-537  High      Yes     Arbitrary command execution
    lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save...
CVE-2017-11691  AVG-365  Medium    Yes     Cross-site scripting
    A cross-site scripting vulnerability has been found in Cacti <= 1.1.13, in the user profile management page (auth_profile.php), allowing inject arbitrary...

Advisories

Date         Advisory       Group    Severity  Description
02 Dec 2017  ASA-201712-2   AVG-537  High      multiple issues
27 Jul 2017  ASA-201707-30  AVG-365  Medium    cross-site scripting