CVE-2014-5025

Published: 20/10/2014 | Updated: 30/10/2018
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

Various cross-site scripting (XSS) flaws (CVE-2013-5588, CVE-2014-5025, CVE-2014-5026) and various SQL injection flaws (CVE-2013-5589, CVE-2015-4342, CVE-2015-4634, CVE-2015-8377, CVE-2015-8604) were discovered affecting versions of Cacti prior to 0.8.8g.

Cross-site scripting (XSS) vulnerability in Cacti prior to 0.8.8d allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors. (CVE-2015-2665)

SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti prior to 0.8.8d allows remote malicious users to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php. (CVE-2015-4454)

Vulnerable Product

debian debian linux 7.0

opensuse opensuse 13.1

opensuse opensuse 13.2

cacti cacti 0.8.8b

Vendor Advisories

Multiple security issues (cross-site scripting, missing input sanitising and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems. For the stable distribution (wheezy), these problems have been fixed in version 0.8.8a+dfsg-5+deb7u4. For the unstable distribution (sid), these problems have been fixed in ve ...

Various cross-site scripting (XSS) flaws (CVE-2013-5588, CVE-2014-5025, CVE-2014-5026) and various SQL injection flaws (CVE-2013-5589, CVE-2015-4342, CVE-2015-4634, CVE-2015-8377, CVE-2015-8604) were discovered affecting versions of Cacti prior to 0.8.8g. Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inj ...