
CVE-2017-12065

Published: 01/08/2017 Updated: 03/10/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

spikekill.php in Cacti prior to 1.1.16 might allow remote malicious users to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter.

Vulnerable Product

cacti cacti

Vendor Advisories

Debian Bug report logs - #870353 cacti: CVE-2017-12065. Package: src:cacti; Maintainer for src:cacti is Cacti Maintainer <pkg-cacti-maint@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 1 Aug 2017 11:33:01 UTC; Severity: important; Tags: patch, security, upstream; Found in ver ...
Debian Bug report logs - #870354 cacti: CVE-2017-12066. Package: src:cacti; Maintainer for src:cacti is Cacti Maintainer <pkg-cacti-maint@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 1 Aug 2017 11:36:01 UTC; Severity: important; Tags: patch, security, upstream; Found in ver ...
spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter (CVE-2017-12065). Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted H ...