CVE-2014-2328

Опубликовано: 23 апр. 2014

Источник: nvd

CVSS2: 6.5

EPSS Низкий

Описание

lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.

Комментарий

Per: https://cwe.mitre.org/data/definitions/77.html

"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"

Ссылки

http://bugs.cacti.net/view.php?id=2433
Issue Tracking
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131842.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html
Third Party Advisory
http://secunia.com/advisories/59203
Third Party Advisory
http://svn.cacti.net/viewvc?view=rev&revision=7442
Issue Tracking
Patch
Vendor Advisory
http://www.debian.org/security/2014/dsa-2970
Third Party Advisory
http://www.securityfocus.com/archive/1/531588
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/66387
Third Party Advisory
VDB Entry
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768
Issue Tracking
Third Party Advisory
https://security.gentoo.org/glsa/201509-03
Third Party Advisory
http://bugs.cacti.net/view.php?id=2433
Issue Tracking
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131842.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html
Third Party Advisory
http://secunia.com/advisories/59203
Third Party Advisory
http://svn.cacti.net/viewvc?view=rev&revision=7442
Issue Tracking
Patch
Vendor Advisory
http://www.debian.org/security/2014/dsa-2970
Third Party Advisory
http://www.securityfocus.com/archive/1/531588
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/66387
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*

Версия от 0.8.7 (включая) до 0.8.7g (включая)

cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*

Версия от 0.8.8 (включая) до 0.8.8b (включая)

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Конфигурация 4

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 78%

0.01128

Низкий

6.5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2014-2328

ubuntu

почти 12 лет назад

lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.

CVE-2014-2328

debian

почти 12 лет назад

lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remot ...

GHSA-fwg6-8jf8-3wh3

github

больше 3 лет назад

lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.

EPSS

Процентиль: 78%

0.01128

Низкий

6.5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo