Описание
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in automation_get_new_graphs_sql function of api_automation.php allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. In api_automation.php line 856, the get_request_var('filter') is being concatenated into the SQL statement without any sanitization. In api_automation.php line 717, The filter of 'filter' is FILTER_DEFAULT, which means there is no filter for it. Version 1.2.27 contains a patch for the issue.
Ссылки
- Product
- Product
- Patch
- ExploitVendor Advisory
- Product
- Product
- Product
- Patch
- ExploitVendor Advisory
- Product
Уязвимые конфигурации
EPSS
8.8 High
CVSS3
Дефекты
Связанные уязвимости
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. In `api_automation.php` line 856, the `get_request_var('filter')` is being concatenated into the SQL statement without any sanitization. In `api_automation.php` line 717, The filter of `'filter'` is `FILTER_DEFAULT`, which means there is no filter for it. Version 1.2.27 contains a patch for the issue.
Cacti provides an operational monitoring and fault management framewor ...
Уязвимость функции automation_get_new_graphs_sql программного средства мониторинга сети Cacti, позволяющая нарушителю выполнять произвольные SQL-запросы
EPSS
8.8 High
CVSS3