Vulnerability   
Search   
    Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2020-14295
Description:A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.
Test IDs: 1.3.6.1.4.1.25623.1.0.878121   1.3.6.1.4.1.25623.1.0.878130  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2020-14295
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W64CIB6L4HZRVQSWKPDDKXJO4J2XTOXD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKM5G3YNSZDHDZMPCMAHG5B5M2V4XYSE/
https://security.gentoo.org/glsa/202007-03
http://packetstormsecurity.com/files/162384/Cacti-1.2.12-SQL-Injection-Remote-Code-Execution.html
http://packetstormsecurity.com/files/162918/Cacti-1.2.12-SQL-Injection-Remote-Command-Execution.html
https://github.com/Cacti/cacti/issues/3622
SuSE Security Announcement: openSUSE-SU-2020:1060 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html
SuSE Security Announcement: openSUSE-SU-2020:1106 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html




© 1998-2025 E-Soft Inc. All rights reserved.