CVE-2014-2328

Cacti < 0.8.7g - Authenticated Remote Code Execution via Shell Metacharacters

Title source: llm
STIX 2.1

Description

lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.

References (11)

Core 11
Core References
Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.html
Issue Tracking, Vendor Advisory x_refsource_confirm
http://bugs.cacti.net/view.php?id=2433
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
http://svn.cacti.net/viewvc?view=rev&revision=7442
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/531588
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59203
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html
Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131842.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-2970
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201509-03
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/66387

Scores

EPSS 0.0354
EPSS Percentile 88.0%

Details

Status published
Products (6)
cacti/cacti 0.8.7 - 0.8.7g
debian/debian_linux 7.0
fedoraproject/fedora 19
fedoraproject/fedora 20
opensuse/opensuse 13.1
opensuse/opensuse 13.2
Published Apr 23, 2014
Tracked Since Feb 18, 2026