CVE-2020-14295

High

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command…

mitre·CWE-89·Published 2020-06-17

CVSS

7.2

EPSS

0.86

KEV

Exploits

cve.orgen

193 chars

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.

NVDen

193 chars

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.

NVDes

249 chars

Un problema de inyección SQL en el archivo color.php en Cacti versión 1.2.12, permite a un administrador inyectar SQL por medio del parámetro filter. Esto puede conllevar a una ejecución de comandos remota porque el producto acepta consultas en pila

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.5	8.0	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
3.1	Primary	NVD	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H