| Max CVSS | 9.3 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2020-13231 | 4.3 |
In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.
|
03-03-2023 - 02:36 | 20-05-2020 - 14:15 | |
| CVE-2020-8813 | 9.3 |
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
|
28-02-2023 - 19:23 | 22-02-2020 - 02:15 | |
| CVE-2020-13230 | 4.0 |
In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs).
|
24-05-2022 - 14:29 | 20-05-2020 - 14:15 |