CVE-2026-40083— Cacti: SQL Injection in managers.php
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-40083
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cacti: SQL Injection in managers.php
Source: NVD (National Vulnerability Database)
Vulnerability Description
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+implode in managers.php. At line 756 of managers.php, the application assigns $selected_items by calling cacti_unserialize(stripslashes(gnrv('selected_graphs_array'))). The cacti_unserialize() function calls unserialize() with allowed_classes set to false, which prevents object injection but still allows arbitrary string arrays to be deserialized. Then, at lines 760 to 766, the deserialized array values are passed directly into db_execute('DELETE FROM snmpagent_managers WHERE id IN (' . implode(',', $selected_items) . ')'), where they are imploded into the SQL statement without any integer validation, resulting in SQL Injection when using SNMP agent management permissions. This issue has been fixed in version 1.2.31.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-40083
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-40083
请登录查看更多情报信息。
Other References for CVE-2026-40083 (2)
- Release v1.2.31 · Cacti/cacti · GitHubx_refsource_MISC
- SQL Injection in managers.php · Advisory · Cacti/cacti · GitHubx_refsource_CONFIRM
Same Patch Batch · Cacti · 2026-06-25 · 5 CVEs total
| CVE-2026-40084 | 6.5 MEDIUM | Cacti: Arbitrary File Read via Path Traversal in Report `format_file` Parameter |
| CVE-2026-40080 | 6.1 MEDIUM | Cacti: Open Redirect via HTTP_REFERER substring check in auth_login_redirect |
| CVE-2026-40082 | 5.4 MEDIUM | Cacti: Session Fixation via missing session_regenerate_id() after login |
| CVE-2026-40941 | Cacti: Package Import Signature Validation Bypass Allows Self-Signed Packages |
IV. Related Vulnerabilities
Same product: cacti
- CVE-2026-40941
Cacti: Package Import Signature Validation Bypass Allows Sel - CVE-2026-40084
Cacti: Arbitrary File Read via Path Traversal in Report `for - CVE-2026-40082
Cacti: Session Fixation via missing session_regenerate_id() - CVE-2026-40080
Cacti: Open Redirect via HTTP_REFERER substring check in aut - CVE-2026-40079
Cacti: Command Injection via escape_command() no-op in RRDto
Same vendor: Cacti
- CVE-2026-40941
Cacti: Package Import Signature Validation Bypass Allows Sel - CVE-2026-40084
Cacti: Arbitrary File Read via Path Traversal in Report `for - CVE-2026-40082
Cacti: Session Fixation via missing session_regenerate_id() - CVE-2026-40080
Cacti: Open Redirect via HTTP_REFERER substring check in aut - CVE-2026-40079
Cacti: Command Injection via escape_command() no-op in RRDto
Same weakness: CWE-89
- CVE-2026-57667
WordPress Groundhogg plugin <= 4.5 - SQL Injection vulnerabi - CVE-2026-57663
WordPress Recipe Maker For Your Food Blog from Zip Recipes p - CVE-2026-57662
WordPress Contest Gallery plugin <= 30.0.0 - SQL Injection v - CVE-2026-57653
WordPress WP Job Portal plugin <= 2.5.2 - SQL Injection vuln - CVE-2026-57644
WordPress Restaurant Menu by MotoPress plugin <= 2.4.10 - SQ
V. Comments for CVE-2026-40083
No comments yet