vulnerability

Debian: CVE-2014-4000: cacti -- security update

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

Nov 15, 2017

Added

Jul 30, 2024

Modified

Mar 30, 2026

Description

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).

Solution

debian-upgrade-cacti

References

CVE-2014-4000
https://attackerkb.com/topics/CVE-2014-4000
CWE-94
EUVD-EUVD-2014-3932
https://euvd.enisa.europa.eu/vulnerability/EUVD-2014-3932

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report