CVE-2014-2328
Cacti < 0.8.7g - Authenticated Remote Code Execution via Shell Metacharacters
Title source: llmDescription
lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.
References (11)
Core 11
Core References
Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.html
Issue Tracking, Vendor Advisory x_refsource_confirm
http://bugs.cacti.net/view.php?id=2433
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
http://svn.cacti.net/viewvc?view=rev&revision=7442
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/531588
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/59203
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html
Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131842.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-2970
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201509-03
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/66387
Scores
EPSS
0.0354
EPSS Percentile
88.0%
Details
Status
published
Products (6)
cacti/cacti
0.8.7 - 0.8.7g
debian/debian_linux
7.0
fedoraproject/fedora
19
fedoraproject/fedora
20
opensuse/opensuse
13.1
opensuse/opensuse
13.2
Published
Apr 23, 2014
Tracked Since
Feb 18, 2026