CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
88.3%
SQL injection vulnerability in Cacti 0.8.6i and earlier, when
register_argc_argv is enabled, allows remote attackers to execute arbitrary
SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE:
this issue can be leveraged to execute arbitrary commands since the SQL
query results are later used in the polling_items array and popen function.