Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2014-4000

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).

Published: Nov 15, 2017
Updated: Nov 9, 2025
CVE: CVE-2014-4000
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
cacti / cacti	-	1.0.0

https://forums.cacti.net/viewtopic.php?f=4&t=56794
https://security-tracker.debian.org/tracker/CVE-2014-4000
https://security.gentoo.org/glsa/201711-10
https://www.cacti.net/release_notes_1_0_0.php

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo