Lucene search

[email protected]NVD:CVE-2013-1434

HistoryAug 23, 2013 - 4:55 p.m.

CVE-2013-1434

2013-08-2316:55:06

CWE-89

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.3

Confidence

Low

EPSS

0.004

Percentile

74.3%

JSON

Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

Affected configurations

Nvd

Node

cacticactiRange≤0.8.8a

cacticactiMatch0.8.5

cacticactiMatch0.8.5a

cacticactiMatch0.8.6

cacticactiMatch0.8.6a

cacticactiMatch0.8.6b

cacticactiMatch0.8.6c

cacticactiMatch0.8.6d

cacticactiMatch0.8.6e

cacticactiMatch0.8.6f

cacticactiMatch0.8.6g

cacticactiMatch0.8.6h

cacticactiMatch0.8.6i

cacticactiMatch0.8.6j

cacticactiMatch0.8.6k

cacticactiMatch0.8.7

cacticactiMatch0.8.7a

cacticactiMatch0.8.7b

cacticactiMatch0.8.7d

cacticactiMatch0.8.7e

cacticactiMatch0.8.7g

cacticactiMatch0.8.7i

cacticactiMatch0.8.8

References

forums.cacti.net/viewtopic.php?f=21&t=50593

lists.opensuse.org/opensuse-updates/2013-08/msg00053.html

secunia.com/advisories/54181

secunia.com/advisories/54386

svn.cacti.net/viewvc?view=rev&revision=7394

www.debian.org/security/2012/dsa-2739

www.openwall.com/lists/oss-security/2013/08/07/15

www.securityfocus.com/bid/61657

www.securitytracker.com/id/1028893

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.3

Confidence

Low

EPSS

0.004

Percentile

74.3%

JSON

Related for NVD:CVE-2013-1434

ubuntucve1 prion1 debiancve1 cve1 cvelist1 fedora2 amazon1 debian1 freebsd1 openvas10 nessus8 gentoo1 securityvulns1