PT-2019-5226 · Cacti+2 · Cacti+2

Eldar Marcussen

Publicado

2019-09-23

Atualizado

2025-01-24

CVE-2019-17357

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.8

Description The issue affects how template identifiers are handled in Cacti when a string and a composite id value are used. This can be exploited by an authenticated attacker to extract data from the database. Additionally, an unauthenticated remote attacker could exploit this via a Cross-Site Request Forgery attack. The vulnerability is related to the template id function in the graphs.php file.

Recommendations For versions prior to 1.2.8, update to version 1.2.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the graphs.php file and the template id parameter to minimize the risk of exploitation.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

ALT-PU-2020-1488

ALT-PU-2020-3430

ALT-PU-2025-1813

BDU:2020-01955

CVE-2019-17357

DSA-4604-1

OPENSUSE-SU-2020:0272-1

OPENSUSE-SU-2020:0284-1

OPENSUSE-SU-2020:0558-1

OPENSUSE-SU-2020:0565-1

OPENSUSE-SU-2020_0272-1

OPENSUSE-SU-2020_0558-1

OPENSUSE-SU-2024:10670-1

Produtos afetados

Alt Linux

Cacti

Suse

PT-2019-5226 · Cacti+2 · Cacti+2

CVE-2019-17357

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 95