Unrated severityNVD Advisory· Published Nov 30, 2009· Updated Apr 23, 2026
CVE-2009-4112
CVE-2009-4112
Description
Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
24cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*range: <=0.8.7e
- cpe:2.3:a:cacti:cacti:0.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.2a:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.3a:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.5a:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.6c:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.6f:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.6i:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.7a:*:*:*:*:*:*:*
- (no CPE)range: <=0.8.7e
- osv-coords7 versionspkg:rpm/opensuse/cacti&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cacti&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/cacti-spine&distro=openSUSE%20Leap%2015.1pkg:rpm/suse/cacti&distro=SUSE%20Package%20Hub%2012pkg:rpm/suse/cacti&distro=SUSE%20Package%20Hub%2015%20SP1pkg:rpm/suse/cacti-spine&distro=SUSE%20Package%20Hub%2012pkg:rpm/suse/cacti-spine&distro=SUSE%20Package%20Hub%2015%20SP1
< 1.2.9-lp151.3.3.1+ 6 more
- (no CPE)range: < 1.2.9-lp151.3.3.1
- (no CPE)range: < 1.2.18-1.2
- (no CPE)range: < 1.2.9-lp151.3.3.1
- (no CPE)range: < 1.2.11-5.1
- (no CPE)range: < 1.2.9-bp151.4.3.1
- (no CPE)range: < 1.2.11-2.1
- (no CPE)range: < 1.2.9-bp151.4.3.1
Patches
Vulnerability mechanics
Synthesis attempt was rejected by the grounding validator. Re-run pending.
References
10- archives.neohapsis.com/archives/fulldisclosure/2009-11/0292.htmlnvdExploit
- www.securityfocus.com/bid/37137nvdExploit
- lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.htmlnvd
- www.openwall.com/lists/oss-security/2009/11/26/1nvd
- www.openwall.com/lists/oss-security/2009/11/30/2nvd
- www.securityfocus.com/archive/1/508129/100/0/threadednvd
- exchange.xforce.ibmcloud.com/vulnerabilities/54473nvd
News mentions
0No linked articles in our index yet.