Lucene search

PRIOn knowledge basePRION:CVE-2014-2328

HistoryApr 23, 2014 - 3:55 p.m.

Code injection

2014-04-2315:55:00

PRIOn knowledge base

www.prio-n.com

7.6 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.4%

JSON

lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.

CPENameOperatorVersion
cactige0.8.7
cactile0.8.7
cactige0.8.8
cactile0.8.8
debian_linuxeq7.0
fedoraeq20
fedoraeq19
opensuseeq13.1
opensuseeq13.2

Name	Operator	Version
cacti	ge	0.8.7
cacti	le	0.8.7
cacti	ge	0.8.8
cacti	le	0.8.8
debian_linux	eq	7.0
fedora	eq	20
fedora	eq	19
opensuse	eq	13.1
opensuse	eq	13.2

References

bugs.cacti.net/view.php?id=2433

lists.opensuse.org/opensuse-updates/2015-03/msg00034.html

secunia.com/advisories/59203

svn.cacti.net/viewvc?view=rev&revision=7442

www.debian.org/security/2014/dsa-2970

www.securityfocus.com/archive/1/531588

www.securityfocus.com/bid/66387

bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768

lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.html

lists.fedoraproject.org/pipermail/package-announce/2014-April/131842.html

security.gentoo.org/glsa/201509-03