CVE-2019-17357

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.8

Description The issue affects how template identifiers are handled in Cacti when a string and a composite id value are used. This can be exploited by an authenticated attacker to extract data from the database. Additionally, an unauthenticated remote attacker could exploit this via a Cross-Site Request Forgery attack. The vulnerability is related to the template id function in the graphs.php file.

Recommendations For versions prior to 1.2.8, update to version 1.2.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the graphs.php file and the template id parameter to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

ALT-PU-2020-1488

ALT-PU-2020-3430

ALT-PU-2025-1813

BDU:2020-01955

CVE-2019-17357

DSA-4604-1

OPENSUSE-SU-2020:0272-1

OPENSUSE-SU-2020:0284-1

OPENSUSE-SU-2020:0558-1

OPENSUSE-SU-2020:0565-1

OPENSUSE-SU-2020_0272-1

OPENSUSE-SU-2020_0558-1

OPENSUSE-SU-2024:10670-1

Affected Products

Alt Linux

Cacti

Suse

CVE-2019-17357

Weakness Enumeration

Related Identifiers

Affected Products

References · 95