CVE-2013-1435 — Code Injection in Cacti

CWE-94 — Code Injection8 documents5 sources

Severity

7.5HIGHNVD

EPSS

1.0%

top 22.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cacti Debian Cacti

Timeline

PublishedAug 23

Latest updateMay 17

Description

(1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/cacti< cacti 0.8.8b+dfsg-1 (bookworm)

▶Debiancacti/cacti< 0.8.8b+dfsg-1+3

▶NVDcacti/cacti33 versions+32

Patches

Patch: svn.cacti.net ↗Patch: svn.cacti.net ↗

🔴Vulnerability Details

GHSA

GHSA-8ppp-2c7q-mxgh: (1) snmp↗2022-05-17

▶

OSV

CVE-2013-1435: (1) snmp↗2013-08-23

▶

📋Vendor Advisories

Debian

CVE-2013-1435: cacti - (1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allows remote attackers to e...↗2013

▶

💬Community

Bugzilla

CVE-2013-1434 CVE-2013-1435 cacti: SQL injection and shell escaping issues fixed in 0.8.8b [fedora-all]↗2013-08-07

▶

Bugzilla

CVE-2013-1434 CVE-2013-1435 cacti: SQL injection and shell escaping issues fixed in 0.8.8b↗2013-08-07

▶

Bugzilla

CVE-2013-1434 CVE-2013-1435 cacti: SQL injection and shell escaping issues fixed in 0.8.8b [epel-all]↗2013-08-07

▶

Bugzilla

CVE-2013-1436 XMonad.Hooks.DynamicLog remote command injection flaw↗2013-07-29

▶