CVE-2020-14295

Опубликовано: 17 июн. 2020

Источник: debian

Описание

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
cacti	fixed	1.2.13+ds1-1		package
cacti	not-affected		buster	package
cacti	not-affected		stretch	package
cacti	not-affected		jessie	package

Примечания

https://github.com/Cacti/cacti/issues/3622
Fixed by: https://github.com/Cacti/cacti/commit/cc1a656f37b08c0c45667c119a44a3751271ac6e
Introduced with the fix for https://github.com/Cacti/cacti/issues/2839
Introduced by: https://github.com/Cacti/cacti/commit/b87747c38ba58e8cf6507d4f1f8476d1df567556 (1.2.6)

Связанные уязвимости

CVE-2020-14295

CVSS3: 7.2

ubuntu

больше 5 лет назад

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.

CVE-2020-14295

CVSS3: 7.2

nvd

больше 5 лет назад

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.

GHSA-rwpv-9gq4-x5g3

CVSS3: 7.2

github

больше 3 лет назад

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.

openSUSE-SU-2020:1060-1

suse-cvrf

больше 5 лет назад

Security update for cacti, cacti-spine