Lucene search

K

MitreCVELIST:CVE-2019-17357

HistoryJan 21, 2020 - 6:35 p.m.

CVE-2019-17357

2020-01-2118:35:44

mitre

www.cve.org

5

AI Score

7.7

Confidence

High

EPSS

0.105

Percentile

95.0%

Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery.

References

lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html

lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html

lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html

lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html

bugs.debian.org/cgi-bin/bugreport.cgi?bug=947374

github.com/Cacti/cacti/issues/3025

security.gentoo.org/glsa/202003-40

www.darkmatter.ae/xen1thlabs/

AI Score

7.7

Confidence

High

EPSS

0.105

Percentile

95.0%

Related for CVELIST:CVE-2019-17357

prion1 debiancve1 osv2 ubuntucve1 cve1 nvd1 openvas12 freebsd1 nessus5 fedora7 debian1 gentoo1 suse4