CVE-2020-35701

Published: 11/01/2021 Updated: 07/11/2023
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

An issue exists in Cacti 1.2.x up to and including 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated malicious users to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution.

Vulnerable Product

cacti cacti

fedoraproject fedora 32

fedoraproject fedora 33

fedoraproject fedora 34

Vendor Advisories

Debian Bug report logs - #979998 cacti: CVE-2020-35701 Package: src:cacti; Maintainer for src:cacti is Cacti Maintainer <pkg-cacti-maint@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 12 Jan 2021 18:09:01 UTC Severity: important Tags: security, upstream Found in versions c ...
An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution ...