cacti-1.2.18-1.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10670-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z cacti-1.2.18-1.2 on GA media These are all security issues fixed in the cacti-1.2.18-1.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10670 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2006-6799/ SUSE CVE CVE-2006-6799 page https://www.suse.com/security/cve/CVE-2007-3112/ SUSE CVE CVE-2007-3112 page https://www.suse.com/security/cve/CVE-2009-4112/ SUSE CVE CVE-2009-4112 page https://www.suse.com/security/cve/CVE-2014-4000/ SUSE CVE CVE-2014-4000 page https://www.suse.com/security/cve/CVE-2017-10970/ SUSE CVE CVE-2017-10970 page https://www.suse.com/security/cve/CVE-2017-11163/ SUSE CVE CVE-2017-11163 page https://www.suse.com/security/cve/CVE-2017-11691/ SUSE CVE CVE-2017-11691 page https://www.suse.com/security/cve/CVE-2017-12065/ SUSE CVE CVE-2017-12065 page https://www.suse.com/security/cve/CVE-2017-12927/ SUSE CVE CVE-2017-12927 page https://www.suse.com/security/cve/CVE-2017-12978/ SUSE CVE CVE-2017-12978 page https://www.suse.com/security/cve/CVE-2017-15194/ SUSE CVE CVE-2017-15194 page https://www.suse.com/security/cve/CVE-2017-16641/ SUSE CVE CVE-2017-16641 page https://www.suse.com/security/cve/CVE-2017-16660/ SUSE CVE CVE-2017-16660 page https://www.suse.com/security/cve/CVE-2017-16661/ SUSE CVE CVE-2017-16661 page https://www.suse.com/security/cve/CVE-2017-16785/ SUSE CVE CVE-2017-16785 page https://www.suse.com/security/cve/CVE-2018-20723/ SUSE CVE CVE-2018-20723 page https://www.suse.com/security/cve/CVE-2018-20724/ SUSE CVE CVE-2018-20724 page https://www.suse.com/security/cve/CVE-2018-20725/ SUSE CVE CVE-2018-20725 page https://www.suse.com/security/cve/CVE-2018-20726/ SUSE CVE CVE-2018-20726 page https://www.suse.com/security/cve/CVE-2019-16723/ SUSE CVE CVE-2019-16723 page https://www.suse.com/security/cve/CVE-2019-17357/ SUSE CVE CVE-2019-17357 page https://www.suse.com/security/cve/CVE-2019-17358/ SUSE CVE CVE-2019-17358 page https://www.suse.com/security/cve/CVE-2020-11022/ SUSE CVE CVE-2020-11022 page https://www.suse.com/security/cve/CVE-2020-13625/ SUSE CVE CVE-2020-13625 page https://www.suse.com/security/cve/CVE-2020-14295/ SUSE CVE CVE-2020-14295 page https://www.suse.com/security/cve/CVE-2020-14424/ SUSE CVE CVE-2020-14424 page https://www.suse.com/security/cve/CVE-2020-25706/ SUSE CVE CVE-2020-25706 page https://www.suse.com/security/cve/CVE-2020-35701/ SUSE CVE CVE-2020-35701 page https://www.suse.com/security/cve/CVE-2020-7106/ SUSE CVE CVE-2020-7106 page https://www.suse.com/security/cve/CVE-2020-7237/ SUSE CVE CVE-2020-7237 page https://www.suse.com/security/cve/CVE-2020-8813/ SUSE CVE CVE-2020-8813 page openSUSE Tumbleweed cacti-1.2.18-1.2 cacti-1.2.18-1.2 as a component of openSUSE Tumbleweed SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function. CVE-2006-6799 openSUSE Tumbleweed:cacti-1.2.18-1.2 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-6799.html CVE-2006-6799 https://bugzilla.suse.com/231082 SUSE Bug 231082 https://bugzilla.suse.com/236724 SUSE Bug 236724 graph_image.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_start or (2) graph_end parameter, different vectors than CVE-2007-3113. CVE-2007-3112 openSUSE Tumbleweed:cacti-1.2.18-1.2 moderate 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-3112.html CVE-2007-3112 https://bugzilla.suse.com/326228 SUSE Bug 326228 Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands. CVE-2009-4112 openSUSE Tumbleweed:cacti-1.2.18-1.2 important 9 AV:N/AC:L/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-4112.html CVE-2009-4112 https://bugzilla.suse.com/1122535 SUSE Bug 1122535 https://bugzilla.suse.com/558664 SUSE Bug 558664 Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()). CVE-2014-4000 openSUSE Tumbleweed:cacti-1.2.18-1.2 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-4000.html CVE-2014-4000 https://bugzilla.suse.com/1022564 SUSE Bug 1022564 Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php. CVE-2017-10970 openSUSE Tumbleweed:cacti-1.2.18-1.2 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10970.html CVE-2017-10970 https://bugzilla.suse.com/1047512 SUSE Bug 1047512 Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. CVE-2017-11163 openSUSE Tumbleweed:cacti-1.2.18-1.2 moderate 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-11163.html CVE-2017-11163 https://bugzilla.suse.com/1048102 SUSE Bug 1048102 https://bugzilla.suse.com/1051633 SUSE Bug 1051633 Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. CVE-2017-11691 openSUSE Tumbleweed:cacti-1.2.18-1.2 moderate 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-11691.html CVE-2017-11691 https://bugzilla.suse.com/1050950 SUSE Bug 1050950 spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter. CVE-2017-12065 openSUSE Tumbleweed:cacti-1.2.18-1.2 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-12065.html CVE-2017-12065 https://bugzilla.suse.com/1051633 SUSE Bug 1051633 A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php. CVE-2017-12927 openSUSE Tumbleweed:cacti-1.2.18-1.2 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-12927.html CVE-2017-12927 https://bugzilla.suse.com/1054390 SUSE Bug 1054390 lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user. CVE-2017-12978 openSUSE Tumbleweed:cacti-1.2.18-1.2 moderate 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-12978.html CVE-2017-12978 https://bugzilla.suse.com/1054742 SUSE Bug 1054742 include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page. CVE-2017-15194 openSUSE Tumbleweed:cacti-1.2.18-1.2 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15194.html CVE-2017-15194 https://bugzilla.suse.com/1062554 SUSE Bug 1062554 lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php. CVE-2017-16641 openSUSE Tumbleweed:cacti-1.2.18-1.2 moderate 9 AV:N/AC:L/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-16641.html CVE-2017-16641 https://bugzilla.suse.com/1067166 SUSE Bug 1067166 Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header. CVE-2017-16660 openSUSE Tumbleweed:cacti-1.2.18-1.2 moderate 9 AV:N/AC:L/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-16660.html CVE-2017-16660 https://bugzilla.suse.com/1067164 SUSE Bug 1067164 Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd. CVE-2017-16661 openSUSE Tumbleweed:cacti-1.2.18-1.2 moderate 4 AV:N/AC:L/Au:S/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-16661.html CVE-2017-16661 https://bugzilla.suse.com/1067163 SUSE Bug 1067163 Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. CVE-2017-16785 openSUSE Tumbleweed:cacti-1.2.18-1.2 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-16785.html CVE-2017-16785 https://bugzilla.suse.com/1068028 SUSE Bug 1068028 A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color. CVE-2018-20723 openSUSE Tumbleweed:cacti-1.2.18-1.2 moderate 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-20723.html CVE-2018-20723 https://bugzilla.suse.com/1122245 SUSE Bug 1122245 A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors. CVE-2018-20724 openSUSE Tumbleweed:cacti-1.2.18-1.2 moderate 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-20724.html CVE-2018-20724 https://bugzilla.suse.com/1122244 SUSE Bug 1122244 A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label. CVE-2018-20725 openSUSE Tumbleweed:cacti-1.2.18-1.2 moderate 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-20725.html CVE-2018-20725 https://bugzilla.suse.com/1122243 SUSE Bug 1122243 A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices. CVE-2018-20726 openSUSE Tumbleweed:cacti-1.2.18-1.2 moderate 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-20726.html CVE-2018-20726 https://bugzilla.suse.com/1122242 SUSE Bug 1122242 In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter. CVE-2019-16723 openSUSE Tumbleweed:cacti-1.2.18-1.2 moderate 4 AV:N/AC:L/Au:S/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-16723.html CVE-2019-16723 https://bugzilla.suse.com/1151788 SUSE Bug 1151788 https://bugzilla.suse.com/1214170 SUSE Bug 1214170 Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery. CVE-2019-17357 openSUSE Tumbleweed:cacti-1.2.18-1.2 important 4 AV:N/AC:L/Au:S/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-17357.html CVE-2019-17357 https://bugzilla.suse.com/1158990 SUSE Bug 1158990 Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module. CVE-2019-17358 openSUSE Tumbleweed:cacti-1.2.18-1.2 moderate 5.5 AV:N/AC:L/Au:S/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-17358.html CVE-2019-17358 https://bugzilla.suse.com/1158992 SUSE Bug 1158992 In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. CVE-2020-11022 openSUSE Tumbleweed:cacti-1.2.18-1.2 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-11022.html CVE-2020-11022 https://bugzilla.suse.com/1173090 SUSE Bug 1173090 https://bugzilla.suse.com/1178434 SUSE Bug 1178434 https://bugzilla.suse.com/1190663 SUSE Bug 1190663 PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message. CVE-2020-13625 openSUSE Tumbleweed:cacti-1.2.18-1.2 important 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-13625.html CVE-2020-13625 https://bugzilla.suse.com/1173090 SUSE Bug 1173090 A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries. CVE-2020-14295 openSUSE Tumbleweed:cacti-1.2.18-1.2 important 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14295.html CVE-2020-14295 https://bugzilla.suse.com/1173090 SUSE Bug 1173090 Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme. CVE-2020-14424 openSUSE Tumbleweed:cacti-1.2.18-1.2 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14424.html CVE-2020-14424 https://bugzilla.suse.com/1188188 SUSE Bug 1188188 A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field CVE-2020-25706 openSUSE Tumbleweed:cacti-1.2.18-1.2 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-25706.html CVE-2020-25706 https://bugzilla.suse.com/1174850 SUSE Bug 1174850 https://bugzilla.suse.com/1178677 SUSE Bug 1178677 An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution. CVE-2020-35701 openSUSE Tumbleweed:cacti-1.2.18-1.2 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-35701.html CVE-2020-35701 https://bugzilla.suse.com/1180804 SUSE Bug 1180804 Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). CVE-2020-7106 openSUSE Tumbleweed:cacti-1.2.18-1.2 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-7106.html CVE-2020-7106 https://bugzilla.suse.com/1163749 SUSE Bug 1163749 Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product. CVE-2020-7237 openSUSE Tumbleweed:cacti-1.2.18-1.2 important 9 AV:N/AC:L/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-7237.html CVE-2020-7237 https://bugzilla.suse.com/1161297 SUSE Bug 1161297 graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. CVE-2020-8813 openSUSE Tumbleweed:cacti-1.2.18-1.2 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-8813.html CVE-2020-8813 https://bugzilla.suse.com/1154087 SUSE Bug 1154087 https://bugzilla.suse.com/1160867 SUSE Bug 1160867 https://bugzilla.suse.com/1164675 SUSE Bug 1164675