CVE-2013-1434

Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: Aug 23, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-1434
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
cacti / cacti	0.8.6k	0.8.6k.x
cacti / cacti	0.8.6d	0.8.6d.x
cacti / cacti	0.8.7	0.8.7.x
cacti / cacti	0.8.5a	0.8.5a.x
cacti / cacti	0.8.5	0.8.5.x
cacti / cacti	0.8.7d	0.8.7d.x
cacti / cacti	0.8.7b	0.8.7b.x
cacti / cacti	0.8.6e	0.8.6e.x
cacti / cacti	0.8.7a	0.8.7a.x
cacti / cacti	0.8.8	0.8.8.x
cacti / cacti	0.8.6f	0.8.6f.x
cacti / cacti	0.8.6g	0.8.6g.x
cacti / cacti	0.8.6j	0.8.6j.x
cacti / cacti	0.8.7e	0.8.7e.x
cacti / cacti	0.8.6a	0.8.6a.x
cacti / cacti	0.8.6i	0.8.6i.x
cacti / cacti	0.8.6	0.8.6.x
cacti / cacti	-	0.8.8a.x
cacti / cacti	0.8.7i	0.8.7i.x
cacti / cacti	0.8.6c	0.8.6c.x
cacti / cacti	0.8.6b	0.8.6b.x
cacti / cacti	0.8.7g	0.8.7g.x
cacti / cacti	0.8.6h	0.8.6h.x

Vulnerability Database

289,782

CVE-2013-1434