vulnerability

Ubuntu: (CVE-2014-4000): cacti vulnerability

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

Nov 15, 2017

Added

Nov 19, 2024

Modified

Apr 16, 2026

Description

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).

Solution

ubuntu-upgrade-cacti

References

CVE-2014-4000
https://attackerkb.com/topics/CVE-2014-4000
CWE-94
EUVD-EUVD-2014-3932
http://www.cacti.net/release_notes_1_0_0.php
https://euvd.enisa.europa.eu/vulnerability/EUVD-2014-3932
https://www.cve.org/CVERecord?id=CVE-2014-4000

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report