CVE-2014-5261

CVSS v2.0 7.5 (High)

EPSS 1.28 % (86^th)

Affected Products 1

Advisories 2

The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php.

Weaknesses

CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2014-08-22 14:55:09
(10 years ago)
Updated Date: 2017-09-08 01:29:04
(7 years ago)

Affected Products

Cacti

Cacti

Configuration #1

	CPE23	Up To
Cacti 0.8.8b and prior versions	cpe:2.3:a:cacti:cacti	<= 0.8.8b
Cacti 0.8.6e	cpe:2.3:a:cacti:cacti:0.8.6e
Cacti 0.8.7	cpe:2.3:a:cacti:cacti:0.8.7
Cacti 0.8.7a	cpe:2.3:a:cacti:cacti:0.8.7a
Cacti 0.8.7b	cpe:2.3:a:cacti:cacti:0.8.7b
Cacti 0.8.7c	cpe:2.3:a:cacti:cacti:0.8.7c
Cacti 0.8.7d	cpe:2.3:a:cacti:cacti:0.8.7d
Cacti 0.8.7e	cpe:2.3:a:cacti:cacti:0.8.7e
Cacti 0.8.7f	cpe:2.3:a:cacti:cacti:0.8.7f
Cacti 0.8.7g	cpe:2.3:a:cacti:cacti:0.8.7g
Cacti 0.8.7i	cpe:2.3:a:cacti:cacti:0.8.7i
Cacti 0.8.8	cpe:2.3:a:cacti:cacti:0.8.8
Cacti 0.8.8a	cpe:2.3:a:cacti:cacti:0.8.8a