Cacti — Vulnerabilities & Security Advisories 49

Browse all 49 CVE security advisories affecting Cacti. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Cacti is an open-source network monitoring and graphing tool primarily used by system administrators to visualize network traffic, device performance, and system metrics through RRDtool integration. Despite its widespread deployment in enterprise environments, the software has historically suffered from numerous security flaws, currently totaling 49 recorded CVEs. These vulnerabilities predominantly involve remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation in PHP scripts and weak authentication mechanisms. Notable incidents include arbitrary file inclusion attacks that allowed attackers to execute malicious code on the server. The application’s reliance on older PHP frameworks and complex configuration files has frequently introduced injection points. While essential for infrastructure visibility, Cacti requires rigorous patching and strict access controls to mitigate risks associated with its extensive attack surface and legacy codebase.

Top products by Cacti: cacti
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-39511 | Stored Cross-Site-Scripting on reports_admin.php device name in Cacti | cacti | CWE-79 | 6.1 | Medium | 2023-09-06 |
| CVE-2023-30534 | Insecure Deserialization in Cacti | cacti | CWE-502 | 4.3 | Medium | 2023-09-05 |
| CVE-2023-31132 | Cacti Privilege Escalation | cacti | CWE-306 | 7.8 | High | 2023-09-05 |
| CVE-2023-39362 | Authenticated command injection in SNMP options of a Device | cacti | CWE-78 | 7.2 | High | 2023-09-05 |
| CVE-2023-39364 | Open redirect in change password functionality in Cacti | cacti | CWE-601 | 3.5 | Low | 2023-09-05 |
| CVE-2023-39516 | Stored Cross-Site-Scripting on data_sources.php debug html-block in Cacti | cacti | CWE-79 | 6.1 | Medium | 2023-09-05 |
| CVE-2023-39365 | Unchecked regular expressions can lead to SQL Injection and data leakage in Cacti | cacti | CWE-89 | 4.6 | Medium | 2023-09-05 |
| CVE-2023-39357 | A Defect in sql_save() Causes Multiple SQL Injection Vulnerabilities in Cacti | cacti | CWE-89 | 8.8 | High | 2023-09-05 |
| CVE-2023-39358 | Authenticated SQL injection vulnerability in reports_user.php in Cacti | cacti | CWE-89 | 8.8 | High | 2023-09-05 |
| CVE-2023-39359 | Authenticated SQL injection vulnerability in graphs.php in Cacti | cacti | CWE-89 | 8.8 | High | 2023-09-05 |
| CVE-2023-39361 | Unauthenticated SQL Injection in graph_view.php in Cacti | cacti | CWE-89 | 9.8 | Critical | 2023-09-05 |
| CVE-2023-39360 | Reflected Cross-site Scripting in graphs_new.php in Cacti | cacti | CWE-79 | 6.1 | Medium | 2023-09-05 |
| CVE-2023-39366 | Stored Cross-site Scripting in data_sources.php through Device-Name in 'select' input in Cacti | cacti | CWE-79 | 6.1 | Medium | 2023-09-05 |
| CVE-2023-39510 | Stored Cross-site Scripting in reports_admin.php through Device-Name in 'select' input in Cacti | cacti | CWE-79 | 6.1 | Medium | 2023-09-05 |
| CVE-2023-39512 | Stored Cross-site Scripting on data_sources.php device name view in Cacti | cacti | CWE-79 | 6.1 | Medium | 2023-09-05 |
| CVE-2023-39513 | Stored Cross-site Scripting on host.php verbose data-query debug view in Cacti | cacti | CWE-79 | 6.1 | Medium | 2023-09-05 |
| CVE-2023-39515 | Stored Cross-site Scripting on data_debug.php datasource path view in Cacti | cacti | CWE-79 | 6.1 | Medium | 2023-09-05 |
| CVE-2023-39514 | Stored Cross-site Scripting on graphs.php data template formated name view in Cacti | cacti | CWE-79 | 6.1 | Medium | 2023-09-05 |
| CVE-2022-46169 | Unauthenticated Command Injection | cacti | CWE-74 | 9.8 | Critical | 2022-12-05 |

This page lists every published CVE security advisory associated with Cacti. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.