- CVEs with nessus.description==The remote host is affected by the vulnerability described in GLSA-200701-23 (Cacti: Command execution and SQL injection)
rgod discovered that the Cacti cmd.php and copy_cacti_user.php scripts do not properly control access to the command shell, and are remotely accessible by unauthenticated users. This allows SQL injection via cmd.php and copy_cacti_user.php URLs. Further, the results from the injected SQL query are not properly sanitized before being passed to a command shell. The vulnerabilities require that the 'register_argc_argv' option is enabled, which is the Gentoo default.
Also, a number of similar problems in other scripts were reported.
Impact :
These vulnerabilities can result in the execution of arbitrary shell commands or information disclosure via crafted SQL queries.
Workaround :
There is no known workaround at this time.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |