Описание
Cacti is an open source operational monitoring and fault management framework. Issues with Cacti Regular Expression validation combined with the external links feature can lead to limited SQL Injections and subsequent data leakage. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| cacti | fixed | 1.2.25+ds1-1 | package |
Примечания
https://github.com/Cacti/cacti/security/advisories/GHSA-v5w7-hww7-2f22
https://www.zerodayinitiative.com/advisories/ZDI-23-1499/
https://www.zerodayinitiative.com/advisories/ZDI-23-1500/
https://github.com/cacti/cacti/commit/f775c115e9d6e4b6a326eee682af8afebc43f20e (release/1.2.25)
EPSS
Связанные уязвимости
Cacti is an open source operational monitoring and fault management framework. Issues with Cacti Regular Expression validation combined with the external links feature can lead to limited SQL Injections and subsequent data leakage. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Cacti is an open source operational monitoring and fault management framework. Issues with Cacti Regular Expression validation combined with the external links feature can lead to limited SQL Injections and subsequent data leakage. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Уязвимость функции links программного средства мониторинга сети Cacti, позволяющая нарушителю выполнять произвольные SQL-запросы
EPSS