CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2014-4644 – Cacti Superlinks Plugin 1.4-2 - SQL Injection / Local File Inclusion
https://notcve.org/view.php?id=CVE-2014-4644
SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en superlinks.php en el plugin superlinks 1.4-2 para Cacti permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro id. Cacti Superlinks version 1.4-2 suffers from code execution via local file inclusion, and remote SQL injection vulnerabilities. • https://www.exploit-db.com/exploits/35578 https://www.exploit-db.com/exploits/33809 http://osvdb.org/show/osvdb/108452 http://www.exploit-db.com/exploits/33809 http://www.securityfocus.com/bid/68141 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •