VDB
DEBIAN-CVE-2020-14295
DEBIAN-CVE-2020-14295
PUBLISHED
CVSS 7.199999809265137 HIGH
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.
Risk Scores
CVSS 3.1
7.199999809265137
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | cacti | 0 |
| Debian:13 | cacti | 0, 0, 0 |
| Debian:12 | cacti | 0, 0, 0 |
| Debian:11 | cacti | 0, 0, 0 |
Exploit Intelligence
- Authenticated SQL injection to command execution on Cacti 1.2.12 (github-poc-repo)
- Proof of Concept for CVE-2020-14295. (github-poc-repo)
- Proof of Concept for CVE-2020-14295. (github-poc)
- Authenticated SQL injection to command execution on Cacti 1.2.12 (github-poc)
Timeline
- Jun 17, 2020 CVE Published
- May 10, 2026 CVE Updated