UBUNTU-CVE-2014-4000

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2014-4000

Published: 15 Nov 2017, 16:29

Last modified:18 Jul 2025, 16:43

Vulnerability Summary

Overall Risk (default)

medium

35/100

CVSS Score

8.8 HIGH

3.0 (osv_ubuntu)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

15 Nov 2017, 16:29

Published

Vulnerability first disclosed

18 Jul 2025, 16:43

Last Modified

Vulnerability information updated

Description

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).

CVSS Metrics

v3.0•HIGH•Score: 8.8CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Systems

ubuntu•cacti
< 0.8.8b+dfsg-5ubuntu0.2

References (3)

https://ubuntu.com/security/CVE-2014-4000
http://www.cacti.net/release_notes_1_0_0.php
https://www.cve.org/CVERecord?id=CVE-2014-4000