Vulnerability Description
graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| The Cacti Group | Cacti | 0.5 |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-09/0028.html (Exploit, Patch, Vendor Advisory)
- http://www.debian.org/security/2002/dsa-164 (Patch, Vendor Advisory)
- http://www.iss.net/security_center/static/10048.php (Patch, Vendor Advisory)
- http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.tx (URL Repurposed)
- http://www.securityfocus.com/bid/5627
FAQ
What is CVE-2002-1477?
CVE-2002-1477 is a vulnerability with a CVSS score of 7.5 (HIGH). graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode.
How severe is CVE-2002-1477?
CVE-2002-1477 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1477?
Check the references section above for vendor advisories and patch information. Affected products include: The Cacti Group Cacti.