Описание
Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | 1.2.16+ds1-2ubuntu1 |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/bionic | needed | |
| esm-apps/focal | not-affected | 1.2.10+ds1-1ubuntu1 |
| esm-apps/jammy | not-affected | 1.2.16+ds1-2ubuntu1 |
| esm-apps/noble | not-affected | 1.2.16+ds1-2ubuntu1 |
| esm-apps/xenial | needed | |
| esm-infra-legacy/trusty | needs-triage |
Показывать по
EPSS
4 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery.
Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injec ...
Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery.
Уязвимость функции template_id системы мониторинга сервера Cacti, связанная с непринятием мер по защите структуры запроса sql, позволяющая нарушителю получить доступ к конфиденциальным данным
EPSS
4 Medium
CVSS2
6.5 Medium
CVSS3