Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-35701

Опубликовано: 11 янв. 2021
Источник: nvd
CVSS3: 8.8
CVSS2: 6.5
EPSS Низкий

Описание

An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*
Версия от 1.2.0 (включая) до 1.2.16 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

EPSS

Процентиль: 83%
0.01839
Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

ubuntu логотип

CVE-2020-35701

CVSS3: 8.8
ubuntu
около 5 лет назад

An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution.

debian логотип

CVE-2020-35701

CVSS3: 8.8
debian
около 5 лет назад

An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection ...

suse-cvrf логотип

openSUSE-SU-2021:0755-1

suse-cvrf
больше 4 лет назад

Security update for cacti, cacti-spine

github логотип

GHSA-jprc-322p-6cp4

github
больше 3 лет назад

An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution.

EPSS

Процентиль: 83%
0.01839
Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89