SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.35%
Published
2014-08-22
Updated
2017-09-08
The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php.
Max CVSS
7.5
EPSS Score
1.50%
Published
2014-08-22
Updated
2017-09-08
lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters.
Max CVSS
7.5
EPSS Score
1.21%
Published
2014-04-23
Updated
2018-12-13
lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.
Max CVSS
6.5
EPSS Score
0.23%
Published
2014-04-23
Updated
2018-12-13
Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users.
Max CVSS
6.8
EPSS Score
0.45%
Published
2014-04-23
Updated
2018-12-13
5 vulnerabilities found