HIGHπŸ‡΅πŸ‡± Wersja polska

CVE-2025-24367

CVSS 8.7v4.0pub. 2025-01-27upd. 2025-11-03

Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Cacti

    APP
    Cacti
    < 1.2.29
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2022-46169CRITICAL9.8⚠ KEVten sam produkt

Cacti is an open source platform which provides a robust and extensible operational monitoring and fault manag...

CVE-2026-39938CRITICAL9.8PL βœ“ten sam produkt

Niezautoryzowany path traversal i command injection w Cacti (LFI)

CVE-2026-39948CRITICAL9.3PL βœ“ten sam produkt

Cacti: Pre-auth SQL injection przez parametr rfilter (SQLi)

CVE-2026-39893CRITICAL9.8PL βœ“ten sam produkt

SQL Injection w Cacti β€” atak bez uwierzytelnienia przez parametr rfilter

CVE-2026-39955CRITICAL9.8PL βœ“ten sam produkt

SQL Injection przed uwierzytelnieniem w Cacti (graph_view.php)

CVE-2025-24367 β€” Cacti β€” HIGH β€” CVSS 8.7 | CVEbaza.pl