data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. NOTE: the vendor has stated "This is a false alarm.
References
Link | Resource |
---|---|
https://github.com/Cacti/cacti/issues/3186 | Exploit Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-01-15T06:03:56
Updated: 2020-01-15T06:03:56
Reserved: 2020-01-15T00:00:00
Link: CVE-2020-7058
JSON object: View
NVD Information
Status : Modified
Published: 2020-01-15T07:15:12.927
Modified: 2024-05-17T01:50:30.687
Link: CVE-2020-7058
JSON object: View
Redhat Information
No data.
CWE