Description
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.
References
- Broken Link
- Broken Link
- Exploit, Third Party Advisory, VDB Entry
- http://packetstormsecurity.com/files/162918/Cacti-1.2.12-SQL-Injection-Remote-Command-Execution.html (Exploit, Third Party Advisory, VDB Entry)
- Exploit, Issue Tracking, Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:cacti:cacti:1.2.12:*:*:*:*:*:*:*
Configuration 2
One of
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
EPSS
Percentile: 99%
0.81199
High
7.2 High
CVSS3
6.5 Medium
CVSS2
Weaknesses
CWE-89
Related vulnerabilities
CVSS3: 7.2
ubuntu
more than 5 years ago
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.
CVSS3: 7.2
debian
more than 5 years ago
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to ...
CVSS3: 7.2
github
more than 3 years ago
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.