CVSSv2 Score: 9 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Cacti is prone to a remote command execution vulnerability because the
software fails to adequately sanitize user-supplied input before it
reaches a shell command.
Successful attacks can compromise the affected software and possibly
the operating system running Cacti.
The vulnerability can be triggered by any authenticated user able to
edit devices or graph templates:
1)
Edit or create a Device with the FQDN 'NotARealIPAddress;CMD;' (without
the single quotes) and save it.
Edit the Device again and reload any data query already created.
CMD will be executed with the web server's privileges.
2)
Edit or create a Graph Template, set its Vertical Label to
'BonsaiSecLabel";CMD; "' (without the single quotes) and save it.
Go to the Graph Management section and select it.
CMD will be executed with the web server's privileges.
Note that other properties of a Graph Template might also be affected.
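Both steps above exercise the same defect: a field from the web form is concatenated into a command line that is handed to a shell. The following Python model is an added example; it is not Cacti's code and is not part of the Bonsai advisory. Cacti itself is PHP, and the exact snmpwalk and rrdtool command shapes, the file paths and the CACTI_INJECTED marker below are assumptions. It builds each command line the unsafe way and the hardened way (shlex.quote, the equivalent of PHP's escapeshellarg), then splits the result into the simple commands /bin/sh would run, so the injected command becomes visible without executing anything.

```python
"""Model of the two Cacti injection points described in the advisory.

Assumptions (not taken from Cacti's source): the poller runs snmpwalk with
the device FQDN as an argument, and graph rendering runs rrdtool with the
template's vertical label wrapped in double quotes.
"""
import shlex
import subprocess
from typing import Callable, List

# Payloads copied from the advisory's two reproduction steps.
FQDN_PAYLOAD = "NotARealIPAddress;CMD;"
LABEL_PAYLOAD = 'BonsaiSecLabel";CMD; "'


def device_poll_vulnerable(hostname: str) -> str:
    """Device FQDN dropped into a poller command line unquoted (hypothetical shape)."""
    return f"/usr/bin/snmpwalk -v1 -c public {hostname} .1.3.6.1.2.1.1"


def device_poll_hardened(hostname: str) -> str:
    """Same command with the hostname forced into a single shell word."""
    return f"/usr/bin/snmpwalk -v1 -c public {shlex.quote(hostname)} .1.3.6.1.2.1.1"


def graph_vulnerable(label: str) -> str:
    """Vertical label merely wrapped in double quotes: an embedded '"' closes them."""
    return (f'/usr/bin/rrdtool graph /tmp/out.png --vertical-label "{label}" '
            "DEF:a=/var/lib/cacti/rra/x.rrd:ds0:AVERAGE LINE1:a")


def graph_hardened(label: str) -> str:
    """shlex.quote single-quotes the value, so '"' and ';' stay literal."""
    return (f"/usr/bin/rrdtool graph /tmp/out.png --vertical-label {shlex.quote(label)} "
            "DEF:a=/var/lib/cacti/rra/x.rrd:ds0:AVERAGE LINE1:a")


def shell_commands(cmdline: str) -> List[List[str]]:
    """Split a POSIX shell command line into its simple commands at ';'.

    Each inner list is one command's argv after quote removal, i.e. what
    /bin/sh would actually exec. ';' inside quotes does not split.
    """
    lex = shlex.shlex(cmdline, posix=True, punctuation_chars=";")
    lex.whitespace_split = True   # split only on whitespace and ';'
    lex.commenters = ""           # '#' is ordinary data here
    commands: List[List[str]] = []
    current: List[str] = []
    for tok in lex:
        if tok == ";":
            if current:
                commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


def injected_commands(cmdline: str) -> List[List[str]]:
    """Every simple command after the first one is attacker-controlled."""
    return shell_commands(cmdline)[1:]


def prove_execution(builder: Callable[[str], str], payload: str) -> bool:
    """Run the built line through the shell with CMD swapped for a harmless
    marker; True means the injected command really executed. Needs POSIX sh."""
    cmd = builder(payload.replace("CMD", "echo CACTI_INJECTED"))
    res = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return "CACTI_INJECTED" in res.stdout


if __name__ == "__main__":
    for name, builder, payload in (
        ("device FQDN, vulnerable", device_poll_vulnerable, FQDN_PAYLOAD),
        ("device FQDN, hardened", device_poll_hardened, FQDN_PAYLOAD),
        ("vertical label, vulnerable", graph_vulnerable, LABEL_PAYLOAD),
        ("vertical label, hardened", graph_hardened, LABEL_PAYLOAD),
    ):
        line = builder(payload)
        print(f"{name}: {line}")
        print(f"  commands the shell sees: {shell_commands(line)}")
        print(f"  injected command ran: {prove_execution(builder, payload)}")
```

The vertical-label case shows why wrapping a value in double quotes is not a fix: the payload closes the quote itself, injects CMD, and reopens a quote so the rest of the line still parses. Quoting each argument with shlex.quote (escapeshellarg in PHP), or better, not going through a shell at all and passing an argv list to subprocess.run (proc_open with an array in PHP 7.4+), removes the injection regardless of what the value contains.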
===========================================================================
Download:
===========================================================================
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/12339.pdf (Bonsai-OS_Command_Injection_in_Cacti.pdf)
<Bonsai Information Security Advisories>
http://www.bonsai-sec.com/en/research/vulnerability.php