Explore Vulnerabilities

Explore all Exploits:

Cacti 1.2.24 – Authenticated command injection when using SNMP options

Under certain conditions, an authenticated privileged user can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlying server.

Cacti 1.2.24 – Authenticated command injection when using SNMP options

In Cacti 1.2.24, under certain conditions, an authenticated privileged user can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlying server.

Remote Command Execution in Cacti

Cacti is prone to a remote command execution vulnerability because the software fails to adequately sanitize user-supplied input. Successful attacks can compromise the affected software and possibly the operating system running Cacti. The vulnerability can be triggered by any user performing specific actions.

RaXnet Cacti Remote SQL Injection Vulnerability

The vulnerability exists in the auth_login.php script of RaXnet Cacti due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability by injecting malicious SQL code into the 'username' parameter, allowing them to bypass the authentication interface and execute arbitrary commands on the affected system.

Cacti Cross-Site Scripting and HTML Injection Vulnerabilities

Cacti is prone to cross-site-scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Cacti v1.2.22 – Remote Command Execution (RCE)

Cacti is vulnerable to Remote Command Execution (RCE) due to improper input validation. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary commands on the server.

RaXnet Cacti Remote Command Execution Vulnerability

RaXnet Cacti is prone to a remote command execution vulnerability that manifests in the 'graph_image.php' script. The issue is due to a bug in the input filters that leads to a failure in the application to properly sanitize user-supplied input. This issue can facilitate various attacks including unauthorized access to an affected computer.

Recent Exploits: