An issue exists in Cacti 1.2.x up to and including 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated malicious users to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cacti cacti |
||
fedoraproject fedora 32 |
||
fedoraproject fedora 33 |
||
fedoraproject fedora 34 |