Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cacti graph_view.php RCE via graph_start Parameter Injection
Vulnerability Description
Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute commands on the underlying operating system with the privileges of the web server process, potentially compromising system integrity.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Cacti 安全漏洞
Vulnerability Description
Cacti是Cacti团队的一套开源的网络流量监测和分析工具。该工具通过snmpget来获取数据,使用RRDtool绘画图形进行分析,并提供数据和用户管理功能。 Cacti 0.8.6-d之前版本存在安全漏洞,该漏洞源于graph_view.php脚本对graph_start参数处理不当,可能导致远程命令执行。
CVSS Information
N/A
Vulnerability Type
N/A