Cacti Arbitrary OS Command Execution Vulnerability (CNVD-2020-13156)

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool through snmpget to get the data , using RRDtool drawing graphs to analyze , and provide data and user management features . A security vulnerability exists in the graphrealtime.php file in...

DEBIAN-CVE-2020-8813

graphrealtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege...

UBUNTU-CVE-2020-8813

graphrealtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege...

PT-2020-1717 · Cacti +2 · Cacti +2

Name of the Vulnerable Software and Affected Versions: Cacti version 1.2.8 Description: The issue in Cacti's graph realtime.php file is related to the lack of neutralization of special elements, which can be exploited by a remote attacker to execute arbitrary code by sending a specially crafted...