Cacti : Security Vulnerabilities, CVEs, (CSRF)

CVE-2020-13231

In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.
Max CVSS
6.5
EPSS Score
0.12%
Published
2020-05-20
Updated
2023-03-03

CVE-2019-17357

Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery.
Max CVSS
6.5
EPSS Score
10.62%
Published
2020-01-21
Updated
2020-03-01

CVE-2014-2327

Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users.
Max CVSS
6.8
EPSS Score
0.45%
Published
2014-04-23
Updated
2018-12-13

CVE-2011-5223

Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti before 0.8.7i allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS
4.3
EPSS Score
0.45%
Published
2012-10-25
Updated
2017-08-29
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close