ALT-PU-2017-1195-1

Обновление пакета cacti в ветке sisyphus

Версия1.0.3-alt1

Задание#178301

Опубликовано2017-02-21

Макс. серьёзностьHIGH

Серьёзность:

Закрытые проблемы (2)

HIGH8.8

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).

Опубликовано: 2017-11-15Изменено: 2025-04-20

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS 3.xВЫСОКАЯ 8.8

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Ссылки

HIGH8.8

auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-2313.

Опубликовано: 2017-11-24Изменено: 2025-04-20

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS 3.xВЫСОКАЯ 8.8

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Ссылки