Unrated severityNVD Advisory· Published Aug 22, 2014· Updated May 6, 2026
CVE-2014-5261
CVE-2014-5261
Description
The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php.
Affected products
13cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*range: <=0.8.8b
- cpe:2.3:a:cacti:cacti:0.8.6e:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.7a:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.7b:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.7c:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.7d:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.7e:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.7f:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.7g:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.7i:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.8a:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8News mentions
0No linked articles in our index yet.