CVE-2019-17357
6.5
MEDIUM
CVSS 3.1
EPSS 15.5%
Description
Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery.
How to fix CVE-2019-17357
To remediate CVE-2019-17357, upgrade the affected package to a fixed version below.
- —upgrade to 1.2.8+ds1-1 or later
Is CVE-2019-17357 being exploited?
Moderate — EPSS is 15.5%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 1.2.8+ds1-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |