CVE-2014-2328

Severity

65%

Complexity

80%

Confidentiality

106%

Per: https://cwe.mitre.org/data/definitions/77.html "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"

lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.

Per: https://cwe.mitre.org/data/definitions/77.html "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"

CVSS 2.0 Base Score 6.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P).

Overview

First reported 10 years ago

2014-04-23 15:55:00

Last updated 6 years ago

2018-12-13 18:22:00

Affected Software

Fedora 19

19

Fedora 20

20

OpenSUSE 13.1

13.1

OpenSUSE 13.2

13.2

Debian Linux 7.0

7.0

References

http://bugs.cacti.net/view.php?id=2433

Issue Tracking, Vendor Advisory

FEDORA-2014-4928

Third Party Advisory

FEDORA-2014-4892

Third Party Advisory

openSUSE-SU-2015:0479

Third Party Advisory

59203

Third Party Advisory

http://svn.cacti.net/viewvc?view=rev&revision=7442

Issue Tracking, Patch, Vendor Advisory

DSA-2970

Third Party Advisory

20140324 Deutsche Telekom CERT Advisory [DTC-A-20140324-001] vulnerabilities in cacti

Third Party Advisory, VDB Entry

66387

Third Party Advisory, VDB Entry

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768

Issue Tracking, Third Party Advisory

GLSA-201509-03

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.