What is CVE-2020-14295?

CVE-2020-14295 is a vulnerability in N/a. Published 2020-06-17.

Is CVE-2020-14295 known to be exploited?

21 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-14295

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.

EPSS: 0.787 (99.1th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

github.com/Cacti/cacti/issues/3622 (x_refsource_MISC)
FEDORA-2020-8a15713da2 (vendor-advisory, x_refsource_FEDORA)
FEDORA-2020-7dddce530c (vendor-advisory, x_refsource_FEDORA)
openSUSE-SU-2020:1060 (vendor-advisory, x_refsource_SUSE)
GLSA-202007-03 (vendor-advisory, x_refsource_GENTOO)
openSUSE-SU-2020:1106 (vendor-advisory, x_refsource_SUSE)
packetstormsecurity.com/files/162384/Cacti-1.2.12-SQL-Injection-Remote-Code-Exe… (x_refsource_MISC)
packetstormsecurity.com/files/162918/Cacti-1.2.12-SQL-Injection-Remote-Command-… (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-14295?: CVE-2020-14295 is a vulnerability in N/a. Published 2020-06-17.
Is CVE-2020-14295 known to be exploited?: 21 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.