6.5

CVE-2014-2328

lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CactiCacti Version >= 0.8.7 <= 0.8.7g
CactiCacti Version >= 0.8.8 <= 0.8.8b
FedoraprojectFedora Version19
FedoraprojectFedora Version20
OpensuseOpensuse Version13.1
OpensuseOpensuse Version13.2
DebianDebian Linux Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.54% 0.879
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131842.html
Third Party Advisory
http://secunia.com/advisories/59203
Third Party Advisory
http://www.debian.org/security/2014/dsa-2970
Third Party Advisory
http://www.securityfocus.com/archive/1/531588
Third Party Advisory
VDB Entry
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768
Third Party Advisory
Issue Tracking
https://security.gentoo.org/glsa/201509-03
Third Party Advisory
http://bugs.cacti.net/view.php?id=2433
Vendor Advisory
Issue Tracking
http://svn.cacti.net/viewvc?view=rev&revision=7442
Patch
Vendor Advisory
Issue Tracking
http://www.securityfocus.com/bid/66387
Third Party Advisory
VDB Entry