Описание
Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery.
Ссылки
- Issue TrackingThird Party Advisory
- PatchThird Party Advisory
- Broken Link
- Issue TrackingThird Party Advisory
- PatchThird Party Advisory
- Broken Link
Уязвимые конфигурации
EPSS
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
Связанные уязвимости
Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery.
Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injec ...
Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery.
Уязвимость функции template_id системы мониторинга сервера Cacti, связанная с непринятием мер по защите структуры запроса sql, позволяющая нарушителю получить доступ к конфиденциальным данным
EPSS
6.5 Medium
CVSS3
4 Medium
CVSS2