
Thewitness

#14446 of 53,633
18.6 Total CVSS
Vulnerabilities · 2
High: 1
Critical: 1
PT-2022-13395
9.8
2022-03-03
Cacti · Cacti · CVE-2022-0730
**Name of the Vulnerable Software and Affected Versions** Cacti (affected versions not specified)

**Description** The issue allows Cacti authentication to be bypassed under certain LDAP conditions when using specific credential types.

**Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2021-11829
8.8
2021-01-11
Cacti · Cacti · CVE-2020-35701
**Name of the Vulnerable Software and Affected Versions** Cacti versions 1.2.x through 1.2.16

**Description** A SQL injection issue in `data_debug.php` allows remote authenticated attackers to execute arbitrary SQL commands via the `site_id` parameter, potentially leading to remote code execution.

**Recommendations** For Cacti versions 1.2.x through 1.2.16, as a temporary workaround, consider restricting access to the `data_debug.php` file until a patch is available. Avoid using the `site_id` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.