Every CVE whose affected-product data names The Cacti Group Cacti, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2005-2149 — CVSS 10.0 (critical): config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain…
CVE-2002-1478 — CVSS 10.0 (critical): Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode.
CVE-2007-3112 — CVSS 7.8 (high): graph_image.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU…
CVE-2002-1477 — CVSS 7.5 (high): graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in…
CVE-2004-1737 — CVSS 7.5 (high): SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass…
CVE-2005-2148 — CVSS 7.5 (high): Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to…
CVE-2006-0146 — CVSS 7.5 (high): The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4)…
CVE-2006-0147 — CVSS 7.5 (high): Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including…
CVE-2006-6799 — CVSS 7.5 (high): SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary…
CVE-2005-1525 — CVSS 7.5 (high): SQL injection vulnerability in config_settings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL commands via…
CVE-2005-1526 — CVSS 7.5 (high): PHP remote file inclusion vulnerability in config_settings.php in Cacti before 0.8.6e allows remote attackers to execute arbitrary PHP code…
CVE-2007-3113 — CVSS 6.8 (medium): Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large…
CVE-2005-1524 — CVSS 5.0 (medium): PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute…
CVE-2004-1736 — CVSS 5.0 (medium): Cacti 0.8.5a allows remote attackers to gain sensitive information via an HTTP request to (1) auth.php, (2) auth_login.php, (3)…
CVE-2002-1479 — CVSS 4.6 (medium): Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows…