CVE-2020-35701

January 14, 2021

An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution.

Summary:

An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution.

Reference Links(if available):

  • https://github.com/Cacti/cacti/issues/4022
  • https://asaf.me/2020/12/15/cacti-1-2-0-to-1-2-16-sql-injection/

  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    frameless bitb 1

    Frameless-Bitb – A New Approach To Browser In The Browser (BITB) Without The Use Of Iframes, Allowing The Bypass Of Traditional Framebusters Implemented By Login Pages Like Microsoft And The Use With Evilginx

    April 15, 2024
    5e82efae594412ea5893e087b9b120fd21b2ddd76023627b1b18f169d9d36a55

    Toolkit – The Essential Toolkit For Reversing, Malware Analysis, And Cracking

    April 15, 2024
    gophish

    GoPhish Login Page Detected – 34[.]101[.]151[.]51:9443

    April 15, 2024
    gophish

    GoPhish Login Page Detected – 144[.]126[.]250[.]5:8443

    April 15, 2024
    gophish

    GoPhish Login Page Detected – 34[.]128[.]110[.]49:9443

    April 15, 2024