Lucene search

Veracode Vulnerability DatabaseVERACODE:24131

HistoryApr 10, 2020 - 12:46 a.m.

OS Command Injection

2020-04-1000:46:59

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.005 Low

EPSS

Percentile

76.6%

JSON

cacti is vulnerable to OS command injection. Multiple command injection flaws were discovered in Cacti. An authenticated user with certain administrative privileges could use these flaws to execute arbitrary commands on the Cacti server with the privileges of the web server user.

CPENameOperatorVersion
python-psycopg2eq2.0.6__1.el5ipa
python-psycopg2eq2.0.6__1.el5ipa

CPE	Name	Operator	Version
	python-psycopg2	eq	2.0.6__1.el5ipa
	python-psycopg2	eq	2.0.6__1.el5ipa

References

secunia.com/advisories/41041

svn.cacti.net/viewvc?view=rev&revision=5778

svn.cacti.net/viewvc?view=rev&revision=5782

svn.cacti.net/viewvc?view=rev&revision=5784

www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php

www.cacti.net/release_notes_0_8_7f.php

www.mandriva.com/security/advisories?name=MDVSA-2010:160

www.redhat.com/security/updates/classification/#important

www.vupen.com/english/advisories/2010/2132

access.redhat.com/errata/RHSA-2010:0635

bugzilla.redhat.com/show_bug.cgi?id=609115

rhn.redhat.com/errata/RHSA-2010-0635.html

0.005 Low

EPSS

Percentile

76.6%

JSON

Related for VERACODE:24131