7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
78.7%
Bonsai information security reports:
A Vulnerability has been discovered in Cacti, which
can be exploited by any user to conduct SQL Injection
attacks. Input passed via the “export_item_id” parameter
to “templates_export.php” script is not properly sanitized
before being used in a SQL query.
The same source also reported a command execution
vulnerability. This second issue can be exploited by
Cacti users who have the rights to modify device or
graph configurations.