CVE-2014-5261
Published 2014-08-22
CVE-2014-5261: The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a…
Priority: P3 · 55 · high · CVSS 2.0: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 10.77% (95.3th percentile)
The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cacti | cacti | <= 0.8.8b | — |
| cacti | cacti | >= 0 < 0.8.8b+dfsg-8 | 0.8.8b+dfsg-8 |
| debian | cacti | < cacti 0.8.8b+dfsg-8 (bookworm) | cacti 0.8.8b+dfsg-8 (bookworm) |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 7.5 HIGH
vendor_debian · 7.5 HIGH
Debian
CVE-2014-5261: cacti - The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allow...
vendor_debian·2014·CVSS 7.5
Scope: local
bookworm: resolved (fixed in 0.8.8b+dfsg-8)
bullseye: resolved (fixed in 0.8.8b+dfsg-8)
forky: resolved (fixed in 0.8.8b+dfsg-8)
sid: resolved (fixed in 0.8.8b+dfsg-8)
trixie: resolved (fixed in 0.8.8b+dfsg-8)
GHSA
GHSA-pf2x-7333-7fw9: The graph settings script (graph_settings
ghsa_unreviewed·2022-05-17
CVE-2014-5261 [HIGH] CWE-94 GHSA-pf2x-7333-7fw9: The graph settings script (graph_settings
OSV
CVE-2014-5261: The graph settings script (graph_settings
osv·2014-08-22·CVSS 7.5
No detection rules found.
No public exploits indexed.
http://seclists.org/oss-sec/2014/q3/351
http://seclists.org/oss-sec/2014/q3/386
http://svn.cacti.net/viewvc?view=rev&revision=7454
http://www.debian.org/security/2014/dsa-3007
http://www.securityfocus.com/bid/69213
https://bugzilla.redhat.com/show_bug.cgi?id=1127165
https://exchange.xforce.ibmcloud.com/vulnerabilities/95292
https://security.gentoo.org/glsa/201607-05
Published: 2014-08-22