Описание
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
Ссылки
- Mailing ListThird Party Advisory
- ExploitThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/157477/Open-AudIT-Professional-3.3.1-Remote-Code-Execution.htmlThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Issue TrackingThird Party Advisory
- Release Notes
- Mailing ListThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- Mailing ListThird Party Advisory
- ExploitThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Одно из
Одновременно
EPSS
8.8 High
CVSS3
9.3 Critical
CVSS2
Дефекты
Связанные уязвимости
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute a ...
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
Уязвимость в файле graph_realtime.php программного средства мониторинга сети Cacti, позволяющая нарушителю выполнить произвольный код
EPSS
8.8 High
CVSS3
9.3 Critical
CVSS2