VDB

DEBIAN-CVE-2020-14295

DEBIAN-CVE-2020-14295 PUBLISHED CVSS 7.199999809265137 HIGH

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.

Risk Scores

CVSS 3.1
7.199999809265137
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Debian:14cacti0
Debian:13cacti0, 0, 0
Debian:12cacti0, 0, 0
Debian:11cacti0, 0, 0

Timeline

  • Jun 17, 2020 CVE Published
  • May 10, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›