PT-2020-1717 · Cacti+2 · Cacti+2

Askar

Published

2019-01-05

Updated

2025-01-24

CVE-2020-8813

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cacti version 1.2.8

Description The issue in Cacti's graph realtime.php file is related to the lack of neutralization of special elements, which can be exploited by a remote attacker to execute arbitrary code by sending a specially crafted request. This can be achieved via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.

Recommendations For Cacti version 1.2.8, consider disabling the graph real-time privilege for guest users until a patch is available. Restrict access to the graph realtime.php file to minimize the risk of exploitation. Avoid using shell metacharacters in cookies for the affected version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

ALT-PU-2019-1006

ALT-PU-2020-1488

ALT-PU-2020-3394

ALT-PU-2020-3430

ALT-PU-2021-2264

ALT-PU-2023-4394

ALT-PU-2023-4396

ALT-PU-2023-5196

ALT-PU-2023-7619

ALT-PU-2023-7621

ALT-PU-2023-8407

ALT-PU-2024-1003

ALT-PU-2024-14329

ALT-PU-2024-14440

ALT-PU-2024-17822

ALT-PU-2024-7120

ALT-PU-2025-1813

BDU:2020-00950

CVE-2020-8813

DLA-3252-1

OPENSUSE-SU-2020:0558-1

OPENSUSE-SU-2020:0565-1

OPENSUSE-SU-2020_0558-1

OPENSUSE-SU-2024:10670-1

Affected Products

Alt Linux

Cacti

Suse

PT-2020-1717 · Cacti+2 · Cacti+2

CVE-2020-8813

Weakness Enumeration

Related Identifiers

Affected Products

References · 106