CVE-2020-14295

Опубликовано: 17 июн. 2020

Источник: ubuntu

Приоритет: medium

CVSS2: 6.5

CVSS3: 7.2

Описание

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needed
devel	not-affected	1.2.16+ds1-2ubuntu1
eoan	ignored	end of life
esm-apps/bionic	released	1.1.38+ds1-1ubuntu0.1~esm1
esm-apps/focal	released	1.2.10+ds1-1ubuntu1+esm1
esm-apps/jammy	not-affected	1.2.16+ds1-2ubuntu1
esm-apps/noble	not-affected	1.2.16+ds1-2ubuntu1
esm-apps/xenial	not-affected	code not present
esm-infra-legacy/trusty	needs-triage
focal	ignored	end of standard support, was needed

Показывать по

Ссылки на источники

6.5 Medium

CVSS2

7.2 High

CVSS3

Связанные уязвимости

CVE-2020-14295

CVSS3: 7.2

nvd

больше 5 лет назад

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.

CVE-2020-14295

CVSS3: 7.2

debian

больше 5 лет назад

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to ...

GHSA-rwpv-9gq4-x5g3

CVSS3: 7.2

github

больше 3 лет назад

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.

openSUSE-SU-2020:1060-1

suse-cvrf

больше 5 лет назад

Security update for cacti, cacti-spine

6.5 Medium

CVSS2

7.2 High

CVSS3

CVE-2020-14295

Описание

Пакет cacti

Ссылки на источники

Связанные уязвимости