[Bug 1173090] VUL-1: CVE-2020-14295: cacti: SQL injection issue in color.php allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries

http://bugzilla.opensuse.org/show_bug.cgi?id=1173090 http://bugzilla.opensuse.org/show_bug.cgi?id=1173090#c1 --- Comment #1 from Andreas Stieger <Andreas.Stieger@gmx.de> --- Also.... https://github.com/Cacti/cacti/issues/3544 Cacti is affected by CVE-2020-11022 and CVE-2020-11023 https://github.com/Cacti/cacti/issues/3549 Several XSS Vulnerabilities https://github.com/Cacti/cacti/pull/3582 Update PHPMailer to version 6.1.6 with fix for CVE-2020-13625 -- You are receiving this mail because: You are on the CC list for the bug.