7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.009 Low
EPSS
Percentile
82.8%
Cacti is a complete web-based frontend to rrdtool.
It has been reported that the “local_graph_id” variable used in the file graph.php is not properly sanitized before being processed in an SQL statement.
A remote attacker could send a specially crafted request to the vulnerable host, possibly resulting in the execution of arbitrary SQL code.
There is no known workaround at this time.
All Cacti users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/cacti-0.8.6j-r7"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | net-analyzer/cacti | < 0.8.7a | UNKNOWN |