| Severity |
|
| Remote |
|
| Type |
| - |
Unknown |
| + |
Arbitrary code execution |
|
| Description |
| + |
An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution. |
|
| References |
| + |
https://asaf.me/2020/12/15/cacti-1-2-0-to-1-2-16-sql-injection/ |
| + |
https://github.com/Cacti/cacti/issues/4022 |
| + |
https://github.com/Cacti/cacti/commit/565e0604a53f4988dc5b544d01f4a631eaa80d82 |
|
| Notes |
|