Количество 7
Количество 7
CVE-2019-17357
Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery.
CVE-2019-17357
Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery.
CVE-2019-17357
Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injec ...
GHSA-mxrx-hwh2-j2jm
Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery.
BDU:2020-01955
Уязвимость функции template_id системы мониторинга сервера Cacti, связанная с непринятием мер по защите структуры запроса sql, позволяющая нарушителю получить доступ к конфиденциальным данным
openSUSE-SU-2020:0272-1
Security update for cacti, cacti-spine
openSUSE-SU-2020:0558-1
Security update for cacti, cacti-spine
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2019-17357 Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery. | CVSS3: 6.5 | 16% Средний | около 6 лет назад |
 | CVE-2019-17357 Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery. | CVSS3: 6.5 | 16% Средний | около 6 лет назад |
| CVE-2019-17357 Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injec ... | CVSS3: 6.5 | 16% Средний | около 6 лет назад |
| GHSA-mxrx-hwh2-j2jm Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery. | 16% Средний | больше 3 лет назад | |
 | BDU:2020-01955 Уязвимость функции template_id системы мониторинга сервера Cacti, связанная с непринятием мер по защите структуры запроса sql, позволяющая нарушителю получить доступ к конфиденциальным данным | CVSS3: 6.5 | 16% Средний | больше 6 лет назад |
 | openSUSE-SU-2020:0272-1 Security update for cacti, cacti-spine | почти 6 лет назад | ||
| openSUSE-SU-2020:0558-1 Security update for cacti, cacti-spine | почти 6 лет назад |
Уязвимостей на страницу