http://bugzilla.opensuse.org/show_bug.cgi?id=1173090

            Bug ID: 1173090
           Summary: VUL-1: CVE-2020-14295: cacti: SQL injection issue in
                    color.php allows an admin to inject SQL via the filter
                    parameter. This can lead to remote command execution
                    because the product accepts stacked queries
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 15.1
          Hardware: Other
               URL: https://smash.suse.de/issue/261720/
                OS: Other
            Status: NEW
          Severity: Minor
          Priority: P5 - None
         Component: Security
          Assignee: Andreas.Stieger@gmx.de
          Reporter: rfrohl@suse.com
        QA Contact: security-team@suse.de
          Found By: Security Response Team
           Blocker: ---

CVE-2020-14295

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL
via the filter parameter. This can lead to remote command execution because the
product accepts stacked queries.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14295
https://github.com/Cacti/cacti/issues/3622