Back to search
CVE-2019-17357
Published: Jan 21, 2020
Modified: Aug 5, 2024
PUBLISHED
Description
Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://www.darkmatter.ae/xen1thlabs/
x_refsource_MISC
https://github.com/Cacti/cacti/issues/3025
x_refsource_CONFIRM
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947374
x_refsource_MISC
openSUSE-SU-2020:0272
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2020:0284
vendor-advisory
x_refsource_SUSE
GLSA-202003-40
vendor-advisory
x_refsource_GENTOO
openSUSE-SU-2020:0558
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2020:0565
vendor-advisory
x_refsource_SUSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now