QwikSec

Security Database

CVE

CWE

Training

CVE-2019-17358

Published: Dec 12, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.darkmatter.ae/xen1thlabs/

x_refsource_MISC

https://github.com/Cacti/cacti/blob/79f29cddb5eb05cbaff486cd634285ef1fed9326/lib/functions.php#L3109

x_refsource_MISC

https://lists.debian.org/debian-lts-announce/2019/12/msg00014.html

x_refsource_MISC

https://github.com/Cacti/cacti/issues/3026

x_refsource_MISC

https://github.com/Cacti/cacti/commit/adf221344359f5b02b8aed43dfb6b33ae5d708c8

x_refsource_MISC

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2019-17358

x_refsource_MISC

https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17358.html

x_refsource_MISC

20200120 [SECURITY] [DSA 4604-1] cacti security update

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_DEBIAN

openSUSE-SU-2020:0272

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2020:0284

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_GENTOO

openSUSE-SU-2020:0558

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2020:0565

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.