CVE-2019-17357
Summary
| CVE | CVE-2019-17357 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-01-21 19:15:00 UTC |
| Updated | 2020-03-01 22:15:00 UTC |
| Description | Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery. |
Risk And Classification
Problem Types: CWE-89
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [security-announce] openSUSE-SU-2020:0284-1: important: Security update | SUSE | lists.opensuse.org | |
| [security-announce] openSUSE-SU-2020:0565-1: important: Security update | SUSE | lists.opensuse.org | |
| [security-announce] openSUSE-SU-2020:0558-1: important: Security update | SUSE | lists.opensuse.org | |
| DarkMatter - Smart and Safe Digital | MISC | www.darkmatter.ae | Broken Link |
| When viewing graphs, some input variables are not properly checked (SQL injection possible) · Issue #3025 · Cacti/cacti · GitHub | CONFIRM | github.com | Patch, Third Party Advisory |
| Cacti: Multiple vulnerabilities (GLSA 202003-40) — Gentoo security | GENTOO | security.gentoo.org | |
| [security-announce] openSUSE-SU-2020:0272-1: important: Security update | SUSE | lists.opensuse.org | |
| #947374 - cacti: CVE-2019-17357 - Debian Bug report logs | MISC | bugs.debian.org | Issue Tracking, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.