CVE-2020-14295
HIGH7.2EPSS 78.7%發布日:2020/6/17修改日:2026/5/27
也稱為:DEBIAN-CVE-2020-14295
描述
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.
受影響套件(1)
- Debian/cactifrom 0, < 1.2.13+ds1-1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |