CVE-2020-14295
Name
CVE-2020-14295
Description
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)
References
Type | URI
Exploit | https://github.com/Cacti/cacti/issues/3622
FEDORA | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W64CIB6L4HZRVQSWKPDDKXJO4J2XTOXD/
FEDORA | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKM5G3YNSZDHDZMPCMAHG5B5M2V4XYSE/
SUSE | http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html
GENTOO | https://security.gentoo.org/glsa/202007-03
SUSE | http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html
Exploit | http://packetstormsecurity.com/files/162384/Cacti-1.2.12-SQL-Injection-Remote-Code-Execution.html
MISC | http://packetstormsecurity.com/files/162918/Cacti-1.2.12-SQL-Injection-Remote-Command-Execution.html
Match rules
CPE URI | Source package | Min version | Max version
cpe:2.3:a:cacti:cacti:1.2.12:*:*:*:*:*:*:* | cacti | == None | == 1.2.12
Vulnerable and fixed packages
Source package | Branch | Version | Maintainer | Status