rpm package
suse/cacti&distro=SUSE Package Hub 15 SP2
pkg:rpm/suse/cacti&distro=SUSE%20Package%20Hub%2015%20SP2
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-14424 | — | < 1.2.18-bp152.2.13.1 | 1.2.18-bp152.2.13.1 | Nov 14, 2021 | Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme. | ||
| CVE-2020-35701 | — | < 1.2.17-bp152.2.10.1 | 1.2.17-bp152.2.10.1 | Jan 11, 2021 | An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution. |
- CVE-2020-14424Nov 14, 2021affected < 1.2.18-bp152.2.13.1fixed 1.2.18-bp152.2.13.1
Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme.
- CVE-2020-35701Jan 11, 2021affected < 1.2.17-bp152.2.10.1fixed 1.2.17-bp152.2.10.1
An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution.