Page 8 of 94 results (0.004 seconds)

CVSS: 6.5EPSS: 10%CPEs: 1EXPL: 0

Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery. Cacti versiones hasta 1.2.7, está afectado por una vulnerabilidad de inyección SQL de graphs.php?template_id= afectando la forma en que son manejados los identificadores de plantilla cuando una cadena y un valor compuesto de id son usados para identificar el tipo de plantilla y la identificación. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947374 https://github.com/Cacti/cacti/issues/3025 https://security.gentoo.org/glsa/202003-40 https://www.darkmatter.ae/xen1thlabs • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 1%CPEs: 12EXPL: 1

Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). Cacti versión 1.2.8, tiene un vulnerabilidad de tipo XSS almacenado en los archivos data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, y user_group_admin.php, como es demostrado por el parámetro description en el archivo data_sources.php (una cadena sin procesar desde la base de datos que se despliega con $header para activar un ataque de tipo XSS). • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00032.html https://github.com/Cacti/cacti/issues/3191 https://lists.debian.org/debian-lts-announce/2020/01/msg00014.html https://lists • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 1

Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module. Cacti versiones hasta 1.2.7, está afectado por múltiples instancias de deserialización no segura de la biblioteca lib/functions.php de datos controlados por parte del usuario para llenar matrices. Un atacante autenticado podría usar esto para influir en los valores de los datos del objeto y controlar las acciones tomadas por Cacti o potencialmente causar una corrupción de la memoria en el módulo PHP. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html https://bugzilla.suse.com/show_bug.cgi?id=CVE-2019-17358 https://github.com/Cacti/cacti/blob/79f29cddb5eb05cbaff486cd634285ef1fed9326/lib/functions.php#L3109 https://github.com/Cacti/cacti/commit/adf221344359f5b02b8aed4 • CWE-502: Deserialization of Untrusted Data CWE-787: Out-of-bounds Write •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter. En Cacti versiones hasta 1.2.6, los usuarios autenticados pueden omitir las comprobaciones de autorización (para visualizar un gráfico) por medio de una petición directa del archivo graph_json.php con un parámetro local_graph_id modificado. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html https://github.com/Cacti/cacti/issues/2964 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZO3ROHHPKLH2JRW7ES5FYSQTWIPNVLQB https://lists.fedoraproject.org/archives/list/package • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 1

In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS. En clearFilter() en utilities.php en Cacti versiones anteriores a 1.2.3, no se produce ningún escape antes de imprimir el valor de la cadena de comunidad SNMP (Opciones SNMP) en la caché View poller, lo que conduce a XSS. • https://github.com/Cacti/cacti/compare/6ea486a...99995bb https://github.com/Cacti/cacti/issues/2581 https://lists.debian.org/debian-lts-announce/2019/04/msg00017.html https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •