Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph Template.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:14
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/41041 - Vendor Advisory | |
References | () http://svn.cacti.net/viewvc?view=rev&revision=5778 - | |
References | () http://svn.cacti.net/viewvc?view=rev&revision=5782 - | |
References | () http://svn.cacti.net/viewvc?view=rev&revision=5784 - | |
References | () http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php - | |
References | () http://www.cacti.net/release_notes_0_8_7f.php - | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2010:160 - | |
References | () http://www.vupen.com/english/advisories/2010/2132 - | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=609115 - | |
References | () https://rhn.redhat.com/errata/RHSA-2010-0635.html - |
Information
Published : 2010-08-23 22:00
Updated : 2024-11-21 01:14
NVD link : CVE-2010-1645
Mitre link : CVE-2010-1645
CVE.ORG link : CVE-2010-1645
JSON object : View
Products Affected
cacti
- cacti
CWE
CWE-20
Improper Input Validation