Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2022-48538

In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password.

  • Published: Aug 22, 2023
  • Updated: Aug 29, 2023
  • CVE: CVE-2022-48538
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.3
  • AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWEs:

Software From Fixed in
cacti / cacti 1.2.19 1.2.19.x