Description
PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the config[library_path] parameter.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Alberto Trivero · perlwebappsphp
https://www.exploit-db.com/exploits/25927
exploitdb
WORKING POC
VERIFIED
by Maciej Piotr Falkiewicz · textwebappsphp
https://www.exploit-db.com/exploits/25859
References (11)
Scores
EPSS
0.1207
EPSS Percentile
93.8%
Details
Status
published
Products (20)
the_cacti_group/cacti
0.5
the_cacti_group/cacti
0.6
the_cacti_group/cacti
0.6.1
the_cacti_group/cacti
0.6.2
the_cacti_group/cacti
0.6.3
the_cacti_group/cacti
0.6.4
the_cacti_group/cacti
0.6.5
the_cacti_group/cacti
0.6.6
the_cacti_group/cacti
0.6.7
the_cacti_group/cacti
0.6.8
... and 10 more
Published
Jun 22, 2005
Tracked Since
Feb 18, 2026