CVE-2013-1435

Cacti < 0.8.8b - Remote Code Execution via SNMP and RRD Scripts

Title source: llm
STIX 2.1

Description

(1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.

References (8)

Core 8
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/54181
Various Sources x_refsource_confirm
http://svn.cacti.net/viewvc?view=rev&revision=7392
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-08/msg00053.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2739
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/54386
Various Sources x_refsource_confirm
http://forums.cacti.net/viewtopic.php?f=21&t=50593
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/08/07/15

Scores

EPSS 0.0239
EPSS Percentile 81.9%

Details

CWE
CWE-94
Status published
Products (33)
cacti/cacti 0.8
cacti/cacti 0.8.1
cacti/cacti 0.8.2
cacti/cacti 0.8.2a
cacti/cacti 0.8.3
cacti/cacti 0.8.3a
cacti/cacti 0.8.4
cacti/cacti 0.8.5
cacti/cacti 0.8.5a
cacti/cacti 0.8.6
... and 23 more
Published Aug 23, 2013
Tracked Since Feb 18, 2026