DEBIAN-CVE-2020-14295

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2020-14295

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2020-14295.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2020-14295

Upstream

CVE-2020-14295

Published

2020-06-17T14:15:10Z

Modified

2025-09-19T06:21:59Z

Summary

[none]

Details

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.

References

https://security-tracker.debian.org/tracker/CVE-2020-14295

Affected packages

Debian:11 / cacti

Package

Name: cacti
Purl: pkg:deb/debian/cacti?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.13+ds1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / cacti

Package

Name: cacti
Purl: pkg:deb/debian/cacti?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.13+ds1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / cacti

Package

Name: cacti
Purl: pkg:deb/debian/cacti?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.13+ds1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / cacti

Package

Name: cacti
Purl: pkg:deb/debian/cacti?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.13+ds1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}