fkie_nvd - fkie_cve-2013-1434

fkie_cve-2013-1434

Vulnerability from fkie_nvd

Published

2013-08-23 16:55

Modified

2024-11-21 01:49

Severity ?

Summary

Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

References

URL	Tags
security@debian.org	http://forums.cacti.net/viewtopic.php?f=21&t=50593	Patch, Vendor Advisory
security@debian.org	http://lists.opensuse.org/opensuse-updates/2013-08/msg00053.html
security@debian.org	http://secunia.com/advisories/54181	Vendor Advisory
security@debian.org	http://secunia.com/advisories/54386	Vendor Advisory
security@debian.org	http://svn.cacti.net/viewvc?view=rev&revision=7394	Patch
security@debian.org	http://www.debian.org/security/2012/dsa-2739
security@debian.org	http://www.openwall.com/lists/oss-security/2013/08/07/15
security@debian.org	http://www.securityfocus.com/bid/61657
security@debian.org	http://www.securitytracker.com/id/1028893
af854a3a-2127-422b-91ae-364da2661108	http://forums.cacti.net/viewtopic.php?f=21&t=50593	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2013-08/msg00053.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/54181	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/54386	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://svn.cacti.net/viewvc?view=rev&revision=7394	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2012/dsa-2739
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/08/07/15
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/61657
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1028893

Impacted products

Vendor	Product	Version
cacti	cacti	*
cacti	cacti	0.8.5
cacti	cacti	0.8.5a
cacti	cacti	0.8.6
cacti	cacti	0.8.6a
cacti	cacti	0.8.6b
cacti	cacti	0.8.6c
cacti	cacti	0.8.6d
cacti	cacti	0.8.6e
cacti	cacti	0.8.6f
cacti	cacti	0.8.6g
cacti	cacti	0.8.6h
cacti	cacti	0.8.6i
cacti	cacti	0.8.6j
cacti	cacti	0.8.6k
cacti	cacti	0.8.7
cacti	cacti	0.8.7a
cacti	cacti	0.8.7b
cacti	cacti	0.8.7d
cacti	cacti	0.8.7e
cacti	cacti	0.8.7g
cacti	cacti	0.8.7i
cacti	cacti	0.8.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D1FF245-C99B-41A1-90EB-C5A4025A7AED",
              "versionEndIncluding": "0.8.8a",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "25541421-4A87-43BF-86D7-E1377CE3C859",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.5a:*:*:*:*:*:*:*",
              "matchCriteriaId": "301E2B13-D410-4B26-9A47-F90343F47C18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "546CE4D8-1E2E-4DEB-9FA1-DEA05F9AAE9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "45C420D9-45EB-40EF-BB9D-BBB5BB7DA6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.6b:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5FE1D7F-5A32-4C66-8B7E-7F790F1D9AAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.6c:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE910AB1-7D04-4743-9963-BBA191EE4078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.6d:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4290992-9EF9-41D4-8AB5-6744370A25E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.6e:*:*:*:*:*:*:*",
              "matchCriteriaId": "E239B64D-6B94-4E77-8245-5293247F09D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.6f:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB41A3C5-D03A-4B1F-B841-A9F5021A59F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.6g:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F794F36-3073-43C5-A6C7-BADBCF6B735E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.6h:*:*:*:*:*:*:*",
              "matchCriteriaId": "76CB86A0-E3A9-4A43-B98B-46654EFE21A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.6i:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D62D429-7BDE-47DE-B466-0732DAC3F70E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.6j:*:*:*:*:*:*:*",
              "matchCriteriaId": "6893355E-2F64-416D-9AED-898E6D1123F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.6k:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B41942D-A4A9-4916-99E6-DA36EB747BF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "191A8F3B-EDFA-47AA-B7B1-95B4C05AFD7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.7a:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A8C1715-DCA1-4C83-B817-9366172CFC1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.7b:*:*:*:*:*:*:*",
              "matchCriteriaId": "307B69DB-CFFB-49BA-A126-134EEE735FCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.7d:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B53567F-C65B-4E1F-BBF7-4F55C845A83A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.7e:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB3DC32A-09AF-4DC9-A78E-E951847B76A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.7g:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9C0E835-9CB2-4700-8216-EC2F1BCB4CB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.7i:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FC44FEA-FB88-4620-B200-E188C7A2BFAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DABFA50-3C45-4841-945B-FBC40B9C94B7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL commands via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Multiples vulnerabilidades de inyecci\u00f3n SQL en (1) api_poller.php y (2) utility.php en Cacti anterior a v0.8.8b permiten a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2013-1434",
  "lastModified": "2024-11-21T01:49:34.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-08-23T16:55:06.980",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://forums.cacti.net/viewtopic.php?f=21\u0026t=50593"
    },
    {
      "source": "security@debian.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00053.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54181"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54386"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.cacti.net/viewvc?view=rev\u0026revision=7394"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.debian.org/security/2012/dsa-2739"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.openwall.com/lists/oss-security/2013/08/07/15"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.securityfocus.com/bid/61657"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.securitytracker.com/id/1028893"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://forums.cacti.net/viewtopic.php?f=21\u0026t=50593"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00053.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54181"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54386"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.cacti.net/viewvc?view=rev\u0026revision=7394"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2739"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/08/07/15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/61657"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1028893"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2013-1434

Vulnerability from cvelistv5

Published

2013-08-23 16:00