Security

Report a vulnerability

SECURITY.md

Security Policy

Supported Versions

Version	Supported
1.3.x	✅
1.2.x	✅
1.1.x	❌
1.0.x	❌
< 1.0	❌

Reporting a Vulnerability

Please use either GitHub's private vulnerability reporting or send an email to developers@cacti.net. We will aim to respond within a few days and accept any PoC's that demonstrate how to test for the vulnerability.

We wlil remove an PoC from published advisory's were possible and will advise to this effect when doing so.

Copyright (c) 2004-2023 - The Cacti Group, Inc.

XSS vulnerability when importing a template file
GHSA-xwqc-7jc4-xm73 published Dec 20, 2023 by netniV

Moderate
RCE vulnerability when managing links
GHSA-pfh9-gwm6-86vp published Dec 20, 2023 by netniV

High
SQL Injection vulnerability when managing poller devices
GHSA-vr3c-38wh-g855 published Dec 20, 2023 by netniV

High
XSS vulnerability when adding new devices
GHSA-wc73-r2vw-59pr published Dec 20, 2023 by netniV

Moderate
XSS vulnerability when viewing data sources in debug mode
GHSA-q7g7-gcf6-wh4x published Dec 20, 2023 by netniV

Moderate
SQL Injection vulnerability when managing SNMP Notification Receivers
GHSA-w85f-7c4w-7594 published Dec 20, 2023 by netniV

High
Cross-Site Scripting vulnerability when creating new graphs
GHSA-gx8c-xvjh-9qh4 published Sep 5, 2023 by netniV

Moderate
Unauthenticated SQL Injection when viewing graphs
GHSA-6r43-q2fw-5wrg published Sep 5, 2023 by netniV

Critical
SQL Injection when saving data with sql_save()
GHSA-6jhp-mgqg-fhqg published Sep 5, 2023 by netniV

High
Open redirect in change password functionality
GHSA-4pjv-rmrp-r59x published Sep 5, 2023 by netniV

Low

Learn more about advisories related to Cacti/cacti in the GitHub Advisory Database