1. Home
  2. Vulnerabilities
  3. CVE-2020-14295

CVE-2020-14295

CVSS v3.1 7.2 (High)
72% Progress
CVSS v2.0 6.5 (Medium)
65% Progress
EPSS 35.73 % (97th)
35.73% Progress
Affected Products 2
Advisories 8
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.

Weaknesses
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2020-06-17 14:15:10
(4 years ago)
Updated Date
2023-11-07 03:17:07
(10 months ago)

Affected Products

Cacti

Fedoraproject

Configuration #1

    CPE23 From Up To
  Cacti 1.2.12 cpe:2.3:a:cacti:cacti:1.2.12

Configuration #2

    CPE23 From Up To
  Fedoraproject Fedora 31 cpe:2.3:o:fedoraproject:fedora:31
  Fedoraproject Fedora 32 cpe:2.3:o:fedoraproject:fedora:32