Debian Cacti vulnerabilities

CVE-2021-23225 [MEDIUM] CVE-2021-23225: cacti - Cacti 1.1.38 allows authenticated users with User Management permissions to inje... Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field during creation of a new user via "Copy" method at user_admin.php. Scope: local bookworm: resolved (fixed in 1.2.1+ds1-1) bullseye: resolved (fixed in 1.2.1+ds1-1) forky: resolved (fixed in 1.2.1+ds1-1) sid: resolved (fixed in 1

CVE-2020-8813 [HIGH] CVE-2020-8813: cacti - graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary O... graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. Scope: local bookworm: resolved (fixed in 1.2.10+ds1-1) bullseye: resolved (fixed in 1.2.10+ds1-1) forky: resolved (fixed in 1.2.10+ds1-1) sid: resolved (fixed in 1.2.10+ds1-1) trixie: resolve

CVE-2020-35701 [HIGH] CVE-2020-35701: cacti - An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerabi... An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution. Scope: local bookworm: resolved (fixed in 1.2.16+ds1-2) bullseye: resolved (fixed in 1.2.16+ds1-2) forky: resolved (fixed in 1.2

CVE-2020-14295 [HIGH] CVE-2020-14295: cacti - A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL... A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries. Scope: local bookworm: resolved (fixed in 1.2.13+ds1-1) bullseye: resolved (fixed in 1.2.13+ds1-1) forky: resolved (fixed in 1.2.13+ds1-1) sid: resolved (fixed in 1.2.13+ds1-1)

CVE-2020-7237 [HIGH] CVE-2020-7237: cacti - Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacha... Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product. Scope: local bookworm: resolved (fixed in 1.2.9+ds1-

CVE-2020-25706 [MEDIUM] CVE-2020-25706: cacti - A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti... A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field Scope: local bookworm: resolved (fixed in 1.2.14+ds1-1) bullseye: resolved (fixed in 1.2.14+ds1-1) forky: resolved (fixed in 1.2.14+ds1-1) sid: resolved (fixed in 1.2.14+ds1-1) trixie:

CVE-2020-13231 [MEDIUM] CVE-2020-13231: cacti - In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin em... In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change. Scope: local bookworm: resolved (fixed in 1.2.11+ds1-1) bullseye: resolved (fixed in 1.2.11+ds1-1) forky: resolved (fixed in 1.2.11+ds1-1) sid: resolved (fixed in 1.2.11+ds1-1) trixie: resolved (fixed in 1.2.11+ds1-1)

CVE-2020-23226 [MEDIUM] CVE-2020-23226: cacti - Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1... Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php. Scope: local bookworm: resolved (fixed in 1.2.13+ds1-1) bullseye: resolved (fixed in 1.2.13+ds1-1) forky: resolved (fixed in 1.2.13+ds1-1

CVE-2020-7106 [MEDIUM] CVE-2020-7106: cacti - Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs... Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). Scope: local bookworm: resolved (fixed in 1.2.9+ds1-1)

CVE-2020-14424 [MEDIUM] CVE-2020-14424: cacti - Cacti before 1.2.18 allows remote attackers to trigger XSS via template import f... Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme. Scope: local bookworm: resolved (fixed in 1.2.19+ds1-1) bullseye: resolved forky: resolved (fixed in 1.2.19+ds1-1) sid: resolved (fixed in 1.2.19+ds1-1) trixie: resolved (fixed in 1.2.19+ds1-1)

CVE-2020-13230 [MEDIUM] CVE-2020-13230: cacti - In Cacti before 1.2.11, disabling a user account does not immediately invalidate... In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs). Scope: local bookworm: resolved (fixed in 1.2.11+ds1-1) bullseye: resolved (fixed in 1.2.11+ds1-1) forky: resolved (fixed in 1.2.11+ds1-1) sid: resolved (fixed in 1.2.11+ds1-1) trixie: resolved (fixed in 1.2.11+ds1

CVE-2020-7058 [HIGH] CVE-2020-7058: cacti - data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input S... data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. NOTE: the vendor has stated "This is a false alarm. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2019-17358 [HIGH] CVE-2019-17358: cacti - Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsaf... Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module. Scope: local bookworm: resolved (fixed in 1.2.8+ds1-1) bullsey

CVE-2019-17357 [MEDIUM] CVE-2019-17357: cacti - Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulne... Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Sit

CVE-2019-16723 [MEDIUM] CVE-2019-16723: cacti - In Cacti through 1.2.6, authenticated users may bypass authorization checks (for... In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter. Scope: local bookworm: resolved (fixed in 1.2.7+ds1-1) bullseye: resolved (fixed in 1.2.7+ds1-1) forky: resolved (fixed in 1.2.7+ds1-1) sid: resolved (fixed in 1.2.7+ds1-1) trixie: resolved (f

CVE-2019-11025 [MEDIUM] CVE-2019-11025: cacti - In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs befo... In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS. Scope: local bookworm: resolved (fixed in 1.2.2+ds1-2) bullseye: resolved (fixed in 1.2.2+ds1-2) forky: resolved (fixed in 1.2.2+ds1-2) sid: resolved (fixed in 1.2.2+ds1-2) tri

CVE-2018-10059 [MEDIUM] CVE-2018-10059: cacti - Cacti before 1.1.37 has XSS because the get_current_page function in lib/functio... Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name. Scope: local bookworm: resolved (fixed in 1.1.37+ds1-1) bullseye: resolved (fixed in 1.1.37+ds1-1) forky: resolved (fixed in 1.1.37+ds1-1) sid: resolved (fixed in 1.1.37+ds1-1) trixie: reso

CVE-2018-10061 [MEDIUM] CVE-2018-10061: cacti - Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls with... Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used). Scope: local bookworm: resolved (fixed in 1.1.37+ds1-1) bullseye: resolved (fixed in 1.1.37+ds1-1) forky: resolved (fixed in 1.1.37+ds1-1) sid: resolved (fixed in 1.1.37+ds1-1) trixie:

CVE-2018-20725 [MEDIUM] CVE-2018-20725: cacti - A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cact... A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label. Scope: local bookworm: resolved (fixed in 1.2.1+ds1-1) bullseye: resolved (fixed in 1.2.1+ds1-1) forky: resolved (fixed in 1.2.1+ds1-1) sid: resolved (fixed in 1.2.1+ds1-1) trixie: resolved (fixe

CVE-2018-20726 [MEDIUM] CVE-2018-20726: cacti - A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in ... A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices. Scope: local bookworm: resolved (fixed in 1.2.1+ds1-1) bullseye: resolved (fixed in 1.2.1+ds1-1) forky: resolved (fixed in 1.2.1+ds1-1) sid: resolved (fixed in 1.2.1+ds1-1) trix