Debian Cacti vulnerabilities

160 known vulnerabilities affecting debian/cacti.

Total CVEs: 160
CISA KEV: 1 (actively exploited)
Public exploits: 26
Exploited in wild: 2
Severity breakdown: CRITICAL 10, HIGH 50, MEDIUM 72, LOW 28

Vulnerabilities

Page 1 of 8
CVE-2025-22604 | CRITICAL | CVSS 9.1 | fixed in cacti 1.2.24+ds1-1+deb12u5 (bookworm) | 2025
CVE-2025-22604: cacti - Cacti is an open source performance and fault management framework. Due to a flaw in the multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execu
debian
CVE-2025-24367 | HIGH | CVSS 8.7 | PoC | fixed in cacti 1.2.24+ds1-1+deb12u5 (bookworm) | 2025
CVE-2025-24367: cacti - Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29. Scope: local bookworm: resolved (fixed in 1.2.24+ds1-1+deb12u
debian
CVE-2025-66399 | HIGH | CVSS 7.4 | fixed in cacti 1.2.30+ds1-1 (forky) | 2025
CVE-2025-66399: cacti - Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters (including newlines) that are accepted, stored verbatim in the database, and later embedded into backen
debian
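The two SNMP entries above (CVE-2025-22604, where a non-numeric OID taken from poller output ends up in a system command, and CVE-2025-66399, where a community string with control characters is stored verbatim) share one lesson: device-supplied and user-supplied SNMP strings must be validated before they touch anything command-shaped. The code below is an added illustration, not Cacti's own parser or any cvebase code. It parses a constructed snmpwalk-style response, keeps only rows whose OID is purely numeric, reduces each OID to an integer table index, refuses community strings containing anything but printable ASCII, and builds a follow-up net-snmp `snmpget` invocation as an argv list rather than a shell string. The hostname, OID and output lines are constructed sample data.

```python
import re
import subprocess
from typing import Dict, List, Optional

# Constructed sample: three well-formed rows and one row whose OID carries a shell
# metacharacter, the shape of input CVE-2025-22604 describes reaching the parser.
SAMPLE_WALK = """\
.1.3.6.1.4.1.2021.13.15.1.1.2.1 = STRING: sda
.1.3.6.1.4.1.2021.13.15.1.1.2.2 = STRING: sdb
.1.3.6.1.4.1.2021.13.15.1.1.2.3 = STRING: sdc
.1.3.6.1.4.1.2021.13.15.1.1.2.4;id = STRING: evil
"""

# Dotted unsigned integers only, optional leading dot: the only OID form we accept.
NUMERIC_OID = re.compile(r"\.?\d+(?:\.\d+)*")
# Printable ASCII without space or control characters, length bounded (assumed policy).
PRINTABLE_ASCII = re.compile(r"[\x21-\x7e]{1,64}")


def is_safe_community(community: str) -> bool:
    """Reject empty strings and anything containing control bytes such as the newlines
    CVE-2025-66399 describes; validation at input time, not escaping at use time."""
    return PRINTABLE_ASCII.fullmatch(community) is not None


def parse_walk(text: str) -> Dict[int, str]:
    """Parse 'OID = TYPE: value' lines into {table_index: value}.

    Rows whose OID is not purely numeric are dropped, and the key is the last OID arc
    converted to int, so no string from the device can be reused as a command fragment."""
    rows: Dict[int, str] = {}
    for line in text.splitlines():
        oid, sep, rest = line.partition(" = ")
        if not sep or NUMERIC_OID.fullmatch(oid) is None:
            continue  # malformed or non-numeric OID: discard the whole row
        _type, _, value = rest.partition(": ")
        rows[int(oid.rsplit(".", 1)[-1])] = value
    return rows


def build_snmpget(host: str, community: str, base_oid: str, index: int) -> Optional[List[str]]:
    """Return an argv list for a single-row snmpget, or None if any input fails validation.
    Passing a list to subprocess (no shell=True) keeps metacharacters inert even if a
    check here were ever loosened."""
    if not is_safe_community(community) or NUMERIC_OID.fullmatch(base_oid) is None:
        return None
    return ["snmpget", "-v2c", "-c", community, host, f"{base_oid}.{index}"]


def run_snmpget(argv: List[str]) -> Optional[str]:
    """Execute the argv built above; None on any failure (snmpget absent, timeout, error)."""
    try:
        done = subprocess.run(argv, capture_output=True, text=True, check=True, timeout=10)
    except (OSError, subprocess.CalledProcessError, subprocess.TimeoutExpired):
        return None
    return done.stdout


if __name__ == "__main__":
    for idx, name in parse_walk(SAMPLE_WALK).items():
        argv = build_snmpget("192.0.2.10", "public", ".1.3.6.1.4.1.2021.13.15.1.1.2", idx)
        print(idx, name, argv)
```

Running it shows the row with index 4 never appears: it is dropped at parse time, so there is no later stage at which its OID could be quoted incorrectly. The same validators are what a device-configuration form should apply to the community string before it is written to the database.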
CVE-2025-45160 | MEDIUM | CVSS 5.4 | fixed in cacti 1.2.24+ds1-1+deb12u3 (bookworm) | 2025
CVE-2025-45160: cacti - A HTML injection vulnerability exists in the file upload functionality of Cacti, allowing HTML to be injected into the rendered page. NOTE: Multiple third parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27. Scope: local bookworm: resolved (fixed in 1.2.24+ds1-1+deb12u3) bullseye: open forky: resolved (fixed in 1.2.27+ds1-1) sid: resolved (fixed
debian
CVE-2025-24368 | MEDIUM | CVSS 6.9 | fixed in cacti 1.2.24+ds1-1+deb12u5 (bookworm) | 2025
CVE-2025-24368: cacti - Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in the build_rule_item_filter() function from lib/api_automation.php, resulting in SQL injection. This vulnerability is fixed in 1.2.29. Scope: local bookworm: resolved (fixed in 1
debian
CVE-2025-26520 | HIGH | CVSS 7.6 | fixed in cacti 1.2.30+ds1-1 (forky) | 2025
CVE-2025-26520: cacti - Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146. Scope: local bookworm: resolved bullseye: resolved forky: resolved (fixed in 1.2.30+ds1-1) sid: resolved (fixed in 1.2.30+ds1-1) trixie: resolved (fixed in 1.2.30+ds1-1)
debian
CVE-2024-48910 | CRITICAL | CVSS 9.1 | fixed in cacti 1.2.24+ds1-1+deb12u2 (bookworm) | 2024
CVE-2024-48910: cacti - DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2. Scope: local bookworm: resolved (fixed in 1.2.24+ds1-1+deb12u2) bullseye: resolved (fixed in 1.2.16+ds1-2+deb11u5) forky: resolved (fixed in 1.2.26+ds1-1) sid: resolved (fixed in 1.2.26+ds
debian
CVE-2024-47875 | CRITICAL | CVSS 10.0 | fixed in cacti 1.2.24+ds1-1+deb12u2 (bookworm) | 2024
CVE-2024-47875: cacti - DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3. Scope: local bookworm: resolved (fixed in 1.2.24+ds1-1+deb12u2) bullseye: resolved (fixed in 1.2.16+ds1-2+deb11u5) forky: resolved (fixed in 1.2.26+ds1-1) sid: resolved (fixed in
debian
CVE-2024-25641 | CRITICAL | CVSS 9.1 | PoC | fixed in cacti 1.2.24+ds1-1+deb12u3 (bookworm) | 2024
CVE-2024-25641: cacti - Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` fun
debian
CVE-2024-34340 | CRITICAL | CVSS 9.1 | fixed in cacti 1.2.24+ds1-1+deb12u3 (bookworm) | 2024
CVE-2024-34340: cacti - Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` uses `password_hash` if it is available, else `md5`. When verifying a password, it calls `compat_password_verify`. In `compat_password_verify`, `password_verify` is called if there i
debian
CVE-2024-43363 | HIGH | CVSS 7.2 | fixed in cacti 1.2.24+ds1-1+deb12u5 (bookworm) | 2024
CVE-2024-43363: cacti - Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing PHP code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a PHP file as the Cacti log file. After having the malicious hostn
debian
CVE-2024-31459 | HIGH | CVSS 8.0 | fixed in cacti 1.2.24+ds1-1+deb12u3 (bookworm) | 2024
CVE-2024-31459: cacti - Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabilities, remote code execution can be achieved. There is a file inclusion issue with the `api_plugin_hook()` function in the `lib/plugin.php` file, which reads the plugin_
debian
CVE-2024-43362 | HIGH | CVSS 7.3 | fixed in cacti 1.2.24+ds1-1+deb12u5 (bookworm) | 2024
CVE-2024-43362: cacti - Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php`. Moreover, the said fileurl is placed in some HTML code which is passed to the `print` function in `link.php` and `index.php`, finally leading to stored XSS. Users with the privilege to create external links ca
debian
CVE-2024-31445 | HIGH | CVSS 8.8 | fixed in cacti 1.2.24+ds1-1+deb12u3 (bookworm) | 2024
CVE-2024-31445: cacti - Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in the `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. In `api_automation.php` line 856, the `ge
debian
CVE-2024-27082 | HIGH | CVSS 7.6 | fixed in cacti 1.2.24+ds1-1+deb12u5 (bookworm) | 2024
CVE-2024-27082: cacti - Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 are vulnerable to stored cross-site scripting, a type of cross-site scripting where malicious scripts are permanently stored on a target server and served to users who access a particular page. Version 1.2.27 contains a patch for the issue. Scope: local bookworm:
debian
CVE-2024-31458 | MEDIUM | CVSS 4.6 | fixed in cacti 1.2.24+ds1-1+deb12u3 (bookworm) | 2024
CVE-2024-31458: cacti - Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in the `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement in the `draw_nontemplated_fields_graph_item()` function from `lib/html_form_templates.php`, finally resulting in SQL inje
debian
CVE-2024-54145 | MEDIUM | CVSS 6.3 | fixed in cacti 1.2.24+ds1-1+deb12u5 (bookworm) | 2024
CVE-2024-54145: cacti - Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29. Scope: local bookworm: resolved (fixed in 1.2.24+ds1-1+deb12u5) bullseye: resolved (fixed in 1.2.16+ds1-2+deb11u5) forky: resolv
debian
CVE-2024-43365 | MEDIUM | CVSS 5.7 | fixed in cacti 1.2.24+ds1-1+deb12u5 (bookworm) | 2024
CVE-2024-43365: cacti - Cacti is an open source performance and fault management framework. The `consolenewsection` parameter is not properly sanitized when saving external links in links.php. Moreover, the said consolenewsection parameter is stored in the database and reflected back to the user in `index.php`, finally leading to stored XSS. Users with the privilege to create external links can
debian
CVE-2024-45598 | MEDIUM | CVSS 6.0 | fixed in cacti 1.2.24+ds1-1+deb12u5 (bookworm) | 2024
CVE-2024-45598: cacti - Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in the Configuration->Settings->Paths tab to a local file inside the server. Then simply going to the Logs tab and selecting the name of the local file will show its content on the we
debian
CVE-2024-43364 | MEDIUM | CVSS 5.7 | fixed in cacti 1.2.24+ds1-1+deb12u5 (bookworm) | 2024
CVE-2024-43364: cacti - Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php. Moreover, the said title parameter is stored in the database and reflected back to the user in index.php, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `title` p
debian
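What a practitioner actually wants from this table is the answer to "which of these entries still apply to my host". The script below is an added example, not cvebase's or the Cacti project's code: it reimplements dpkg's version-comparison algorithm in Python (so it runs without dpkg present), loads the bookworm fix versions transcribed from the entries on this page into a constructed lookup table, and reports which CVEs an installed cacti version is still short of. CVE-2025-66399 and CVE-2025-26520 are left out of the table because the page gives no bookworm fix version for them. The fallback version string in the `__main__` block and the `dpkg-query` call are the only assumptions beyond the page's own data.

```python
import re
import subprocess
from typing import Dict, List, Optional, Tuple

# Bookworm fix versions transcribed from the entries above (constructed lookup table).
BOOKWORM_FIXED: Dict[str, str] = {
    "CVE-2025-22604": "1.2.24+ds1-1+deb12u5", "CVE-2025-24367": "1.2.24+ds1-1+deb12u5",
    "CVE-2025-45160": "1.2.24+ds1-1+deb12u3", "CVE-2025-24368": "1.2.24+ds1-1+deb12u5",
    "CVE-2024-48910": "1.2.24+ds1-1+deb12u2", "CVE-2024-47875": "1.2.24+ds1-1+deb12u2",
    "CVE-2024-25641": "1.2.24+ds1-1+deb12u3", "CVE-2024-34340": "1.2.24+ds1-1+deb12u3",
    "CVE-2024-43363": "1.2.24+ds1-1+deb12u5", "CVE-2024-31459": "1.2.24+ds1-1+deb12u3",
    "CVE-2024-43362": "1.2.24+ds1-1+deb12u5", "CVE-2024-31445": "1.2.24+ds1-1+deb12u3",
    "CVE-2024-27082": "1.2.24+ds1-1+deb12u5", "CVE-2024-31458": "1.2.24+ds1-1+deb12u3",
    "CVE-2024-54145": "1.2.24+ds1-1+deb12u5", "CVE-2024-43365": "1.2.24+ds1-1+deb12u5",
    "CVE-2024-45598": "1.2.24+ds1-1+deb12u5", "CVE-2024-43364": "1.2.24+ds1-1+deb12u5",
}


def _order(c: str) -> int:
    """dpkg's weight for characters in non-digit runs: '~' sorts before anything, even
    the end of the string; letters sort before every other character."""
    if c == "~":
        return -1
    if c == "":
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _cmp_fragment(a: str, b: str) -> int:
    """Compare an upstream-version or debian-revision string as dpkg does: alternate
    non-digit runs (character weights) and digit runs (numeric value)."""
    while a or b:
        na = re.match(r"[^0-9]*", a).group(0)
        nb = re.match(r"[^0-9]*", b).group(0)
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            oa = _order(na[i] if i < len(na) else "")
            ob = _order(nb[i] if i < len(nb) else "")
            if oa != ob:
                return -1 if oa < ob else 1
        da = re.match(r"[0-9]*", a).group(0)
        db = re.match(r"[0-9]*", b).group(0)
        a, b = a[len(da):], b[len(db):]
        ia, ib = int(da or "0"), int(db or "0")
        if ia != ib:
            return -1 if ia < ib else 1
    return 0


def _split(version: str) -> Tuple[int, str, str]:
    """Split '[epoch:]upstream[-revision]' into its three parts (last '-' is the separator)."""
    epoch = 0
    if ":" in version:
        head, version = version.split(":", 1)
        epoch = int(head)
    if "-" in version:
        upstream, revision = version.rsplit("-", 1)
    else:
        upstream, revision = version, ""
    return epoch, upstream, revision


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1, matching `dpkg --compare-versions a lt|eq|gt b`."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)


def open_cves(installed: str, fixed: Dict[str, str] = BOOKWORM_FIXED) -> List[str]:
    """CVEs whose bookworm fix version is newer than the installed package version."""
    return sorted(cve for cve, fix in fixed.items() if compare_versions(installed, fix) < 0)


def installed_cacti_version() -> Optional[str]:
    """Ask dpkg for the installed cacti version; None when the package or dpkg is absent."""
    try:
        done = subprocess.run(["dpkg-query", "-W", "--showformat=${Version}", "cacti"],
                              capture_output=True, text=True, check=True)
    except (OSError, subprocess.CalledProcessError):
        return None
    return done.stdout.strip() or None


if __name__ == "__main__":
    # Constructed fallback so the script demonstrates itself on a non-Debian host.
    version = installed_cacti_version() or "1.2.24+ds1-1+deb12u3"
    for cve in open_cves(version):
        print(f"{cve}: installed {version} is older than fix {BOOKWORM_FIXED[cve]}")
```

On a bookworm host this prints one line per entry whose fix is newer than the installed package; with the constructed fallback (deb12u3) it lists the ten entries fixed in deb12u5. The table is suite-specific: the page shows bullseye still open for CVE-2025-45160 and different fix versions (1.2.16+ds1-2+deb11u5) elsewhere, so a bullseye or trixie host needs its own table. Where dpkg is available, spot-check results against `dpkg --compare-versions`.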