CyberSec.Space Logo
CVEブラウザに戻る

CVE-2009-4112

CRITICAL
9.0
CVSS Severity Score
EPSS Score0.0480%
EPSS Percentile30.95th
Published2009年11月30日
Last Modified2026年4月23日

Vulnerability Description

Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands.

Affected Platforms (CPE)

📦
Cacti

Cacti

<= 0.8.7e
📦
Cacti

Cacti

= 0.6.7
📦
Cacti

Cacti

= 0.8
📦
Cacti

Cacti

= 0.8.1
📦
Cacti

Cacti

= 0.8.2
📦
Cacti

Cacti

= 0.8.2a
📦
Cacti

Cacti

= 0.8.3
📦
Cacti

Cacti

= 0.8.3a
📦
Cacti

Cacti

= 0.8.4
📦
Cacti

Cacti

= 0.8.5
📦
Cacti

Cacti

= 0.8.5a
📦
Cacti

Cacti

= 0.8.6c
📦
Cacti

Cacti

= 0.8.6f
📦
Cacti

Cacti

= 0.8.6i
📦
Cacti

Cacti

= 0.8.7
📦
Cacti

Cacti

= 0.8.7a

References & Advisories

🔗 http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0292.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html
🔗 http://www.openwall.com/lists/oss-security/2009/11/26/1
🔗 http://www.openwall.com/lists/oss-security/2009/11/30/2
🔗 http://www.securityfocus.com/archive/1/508129/100/0/threaded

関連する脆弱性情報

CVE-2005-214910.0

config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information ...

CVE-2002-147810.0

Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode.

CVE-2017-120659.8

spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outl...

CVE-2021-406439.8

EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location ...