Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2709

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2014-2709
Last Modified 17 Jul 2014 01:06:17
Published 23 Apr 2014 11:55:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-2709

Summary

lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters.

Vulnerable Systems

Application

  • Cacti 0.8.7

  • Cacti 0.8.7a

  • Cacti 0.8.7b

  • Cacti 0.8.7c

  • Cacti 0.8.7d

  • Cacti 0.8.7e

  • Cacti 0.8.7f

  • Cacti 0.8.7g

  • Cacti 0.8.8

  • Cacti 0.8.8a

  • Cacti 0.8.8b


References

CONFIRM - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768

BID - 66630

CONFIRM - http://svn.cacti.net/viewvc?view=rev&revision=7439

SECUNIA - 57647

MLIST - [oss-security] 20140403 Re: CVE request: cacti "bug#0002405: SQL injection in graph_xport.php"

FEDORA - FEDORA-2014-4892

FEDORA - FEDORA-2014-4928

DEBIAN - DSA-2970

SECUNIA - 59203


Last Updated: 27 May 2016 11:05:05