CNNVD-202601-4902 Information

CNNVD ID

CNNVD-202601-4902

Related CVE

CVE-2025-45160

• CNNVD Published: 2026-01-29

Description (Chinese)

Cacti是Cacti团队的一套开源的网络流量监测和分析工具。该工具通过snmpget来获取数据，使用RRDtool绘画图形进行分析，并提供数据和用户管理功能。 Cacti 1.2.29及之前版本存在安全漏洞，该漏洞源于文件上传功能对文件名清理不当，可能导致HTML注入攻击。

Description (English)

Cacti is an open-source network traffic monitoring and analysis tool for the Cacti team. The tool captures data through snmpget, uses RRDDtool graphics for analysis and provides data and user management functions. Cacti 1.2.29 and previous versions have a security loophole, which stems from the improper clean-up of file names by the document upload function, which could lead to an HTML injection attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Cacti

Published

2026-01-29

Last Modified

2026-02-24

References

https://github.com/Cacti/cacti https://gist.github.com/BEND0US/49d76897a5bb676d8c3f51425553cc32

Patch

https://www.cacti.net/