CNNVD-202508-3667 Information
CNNVD ID
CNNVD-202508-3667
Related CVE
- CNNVD Published: 2025-08-30
Description (Chinese)
Cacti是Cacti团队的一套开源的网络流量监测和分析工具。该工具通过snmpget来获取数据,使用RRDtool绘画图形进行分析,并提供数据和用户管理功能。 Cacti 0.8.6-d之前版本存在安全漏洞,该漏洞源于graph_view.php脚本对graph_start参数处理不当,可能导致远程命令执行。
Description (English)
Cacti is an open-source network traffic monitoring and analysis tool for the Cacti team. The tool captures data through snmpget, uses RRDDtool graphics for analysis and provides data and user management functions. The previous version of Cacti 0.8.6-d had a security loophole, which stemmed from the inappropriate handling of the graph view.php script of the graph start parameter, which could lead to remote command execution.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Cacti
Published
2025-08-30
Last Modified
2026-02-24
References
https://www.vulncheck.com/advisories/cacti-graph-view-rce https://www.exploit-db.com/exploits/9911 https://www.exploit-db.com/exploits/16881 https://www.cacti.net/info/downloads http://www.cacti.net/cactid_download.php https://web.archive.org/web/20050305034552/ https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/cacti_graphimage_exec.rb https://nvd.nist.gov/vuln/detail/CVE-2005-10004
Patch
https://www.cacti.net/info/downloads
Share on: