Описание
An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | code not present |
| devel | not-affected | 1.2.16+ds1-2ubuntu1 |
| esm-apps/bionic | not-affected | code not present |
| esm-apps/focal | released | 1.2.10+ds1-1ubuntu1+esm1 |
| esm-apps/jammy | not-affected | 1.2.16+ds1-2ubuntu1 |
| esm-apps/noble | not-affected | 1.2.16+ds1-2ubuntu1 |
| esm-apps/xenial | not-affected | code not present |
| esm-infra-legacy/trusty | needs-triage | |
| focal | ignored | end of standard support, was needed |
| groovy | ignored | end of life |
Показывать по
EPSS
6.5 Medium
CVSS2
8.8 High
CVSS3
Связанные уязвимости
An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution.
An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection ...
An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution.
EPSS
6.5 Medium
CVSS2
8.8 High
CVSS3