CVE-2020-8813

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-8813

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8813.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-8813

Related

Published

2020-02-22T02:15:10Z

Modified

2024-09-18T03:12:35.515084Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.

References

Affected packages

Debian:11 / cacti

Package

Name: cacti
Purl: pkg:deb/debian/cacti?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.10+ds1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / cacti

Package

Name: cacti
Purl: pkg:deb/debian/cacti?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.10+ds1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / cacti

Package

Name: cacti
Purl: pkg:deb/debian/cacti?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.10+ds1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/cacti/cacti

Affected ranges

Type: GIT
Repo: https://github.com/cacti/cacti
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

5976b28b90cc7d3946430619c0a0c32dc1292b4f

Type: GIT
Repo: https://github.com/opmantek/open-audit
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

e30ca22e1f0b7e261e131fc95d7883bf5afd1816

Affected versions

Open-AudIT_1.*

Open-AudIT_1.12

Open-AudIT_1.12.2

Open-AudIT_1.12.2_1

Open-AudIT_1.12.4

Open-AudIT_1.12.6

Open-AudIT_1.12.8

Open-AudIT_1.12.8.1

Open-AudIT_1.12.8.2

Open-AudIT_1.14.2

Open-AudIT_1.8.2

Open-AudIT_2.*

Open-AudIT_2.0.1

Open-AudIT_2.0.1-1

Open-AudIT_2.0.1-2

Open-AudIT_2.0.10

Open-AudIT_2.0.11

Open-AudIT_2.0.2

Open-AudIT_2.0.2-1

Open-AudIT_2.0.4

Open-AudIT_2.0.6

Open-AudIT_2.0.6_beta

Open-AudIT_2.0.8

Open-AudIT_2.1

Open-AudIT_2.2.0

Open-AudIT_2.2.1

Open-AudIT_2.2.2

Open-AudIT_2.2.3

Open-AudIT_2.2.4

Open-AudIT_2.2.5

Open-AudIT_2.2.6

Open-AudIT_2.2.7

Open-AudIT_2.3.0

Open-AudIT_2.3.1

Open-AudIT_2.3.2

Open-AudIT_2.3.3

Open-AudIT_3.*

Open-AudIT_3.0.0

Open-AudIT_3.0.0_windows

Open-AudIT_3.0.1

Open-AudIT_3.0.2

Open-AudIT_3.1.0

Open-AudIT_3.1.1

Open-AudIT_3.1.2

Open-AudIT_3.2.0

Open-AudIT_3.2.1

Open-AudIT_3.2.2

Open-AudIT_3.3.0

Open-AudIT_3.3.1

release/1.*

release/1.0.0

release/1.0.1

release/1.0.2

release/1.0.3

release/1.0.4

release/1.0.5

release/1.0.6

release/1.1.0

release/1.1.1

release/1.1.11

release/1.1.12

release/1.1.13

release/1.1.14

release/1.1.15

release/1.1.16

release/1.1.17

release/1.1.18

release/1.1.19

release/1.1.2

release/1.1.20

release/1.1.21

release/1.1.22

release/1.1.23

release/1.1.24

release/1.1.25

release/1.1.26

release/1.1.27

release/1.1.28

release/1.1.29

release/1.1.3

release/1.1.30

release/1.1.31

release/1.1.32

release/1.1.33

release/1.1.34

release/1.1.35

release/1.1.36

release/1.1.37

release/1.1.38

release/1.1.4

release/1.1.5

release/1.1.6

release/1.1.7

release/1.1.8

release/1.2.0

release/1.2.0-beta1

release/1.2.0-beta2

release/1.2.0-beta3

release/1.2.0-beta4

release/1.2.1

release/1.2.2

release/1.2.3

release/1.2.4

release/1.2.5

release/1.2.6

release/1.2.7

release/1.2.8