CVE-2019-17357

Published: 21/01/2020 Updated: 01/03/2020
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

Cacti up to and including 1.2.7 is affected by a SQL injection vulnerability in the template_id parameter of graphs.php (graphs.php?template_id=). The flaw lies in how template identifiers are handled when a composite string-and-id value is used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery.

Vulnerable Product

cacti cacti

Vendor Advisories

Debian Bug report logs - #947374 cacti: CVE-2019-17357. Package: src:cacti; Maintainer for src:cacti is Cacti Maintainer <pkg-cacti-maint@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 25 Dec 2019 21:27:02 UTC; Severity: important; Tags: security, upstream; Found in version ca ...
Multiple issues have been found in cacti, a server monitoring system, potentially resulting in SQL code execution or information disclosure by authenticated users. CVE-2019-16723: Authenticated users may bypass authorization checks for viewing a graph by submitting requests with modified local_graph_id parameters. CVE-2019-17357: The gra ...