CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
45.7%
Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the pollers.php
script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the pollers.php
. Impact of the vulnerability - arbitrary SQL code execution. As of time of publication, a patch does not appear to exist.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | cacti | < 1.2.24+ds1-1+deb12u2 | cacti_1.2.24+ds1-1+deb12u2_all.deb |
Debian | 11 | all | cacti | < 1.2.16+ds1-2+deb11u3 | cacti_1.2.16+ds1-2+deb11u3_all.deb |
Debian | 999 | all | cacti | < 1.2.26+ds1-1 | cacti_1.2.26+ds1-1_all.deb |
Debian | 13 | all | cacti | < 1.2.26+ds1-1 | cacti_1.2.26+ds1-1_all.deb |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
45.7%