CVE-2020-8813

Published: Feb 22, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gist.github.com/mhaskar/ebe6b74c32fd0f7e1eedf1aabfd44129

https://drive.google.com/file/d/1A8hxTyk_NgSp04zPX-23nPbsSDeyDFio/view

https://github.com/Cacti/cacti/releases

https://shells.systems/cacti-v1-2-8-authenticated-remote-code-execution-cve-2020-8813/

https://github.com/Cacti/cacti/issues/3285

http://packetstormsecurity.com/files/156538/Cacti-1.2.8-Authenticated-Remote-Code-Execution.html

http://packetstormsecurity.com/files/156537/Cacti-1.2.8-Unauthenticated-Remote-Code-Execution.html

http://packetstormsecurity.com/files/156593/Cacti-1.2.8-Unauthenticated-Remote-Code-Execution.html

FEDORA-2020-552e4e7879

vendor-advisory

FEDORA-2020-10fe60d68b

vendor-advisory

FEDORA-2020-d6a9e27bb1

vendor-advisory

openSUSE-SU-2020:0558

vendor-advisory

http://packetstormsecurity.com/files/157477/Open-AudIT-Professional-3.3.1-Remote-Code-Execution.html

openSUSE-SU-2020:0565

vendor-advisory

GLSA-202004-16

vendor-advisory

[debian-lts-announce] 20221231 [SECURITY] [DLA 3252-1] cacti security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-8813

Description

Affected Products

References