Bug 1173090 - (CVE-2020-14295) VUL-1: CVE-2020-14295: cacti: SQL injection issue in color.php allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries
(CVE-2020-14295)
VUL-1: CVE-2020-14295: cacti: SQL injection issue in color.php allows an admi...
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Leap 15.1
Other Other
: P4 - Low : Minor (vote)
: ---
Assigned To: Andreas Stieger
Security Team bot
https://smash.suse.de/issue/261720/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-06-18 07:21 UTC by Robert Frohl
Modified: 2020-08-03 21:32 UTC (History)
0 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Frohl 2020-06-18 07:21:17 UTC
CVE-2020-14295

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL
via the filter parameter. This can lead to remote command execution because the
product accepts stacked queries.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14295
https://github.com/Cacti/cacti/issues/3622
Comment 1 Andreas Stieger 2020-06-19 12:07:17 UTC
Also.... 

https://github.com/Cacti/cacti/issues/3544
Cacti is affected by CVE-2020-11022 and CVE-2020-11023

https://github.com/Cacti/cacti/issues/3549
Several XSS Vulnerabilities

https://github.com/Cacti/cacti/pull/3582
Update PHPMailer to version 6.1.6 with fix for CVE-2020-13625
Comment 3 Andreas Stieger 2020-07-14 06:58:25 UTC
from https://www.cacti.net/release_notes.php?version=1.2.13

security#3544: jQuery XSS vulnerabilities require vendor package update (CVE-2020-11022 / CVE-2020-11023)
security#3549: Lack of escaping on some pages can lead to XSS exposure
security#3582: Update PHPMailer to 6.1.6 (CVE-2020-13625)
security#3622: SQL Injection vulnerability due to input validation failure when editing colors (CVE-2020-14295)
security#3628: Lack of escaping on template import can lead to XSS exposure
Comment 4 OBSbugzilla Bot 2020-07-14 10:10:17 UTC
This is an autogenerated message for OBS integration:
This bug (1173090) was mentioned in
https://build.opensuse.org/request/show/820849 Factory / cacti
https://build.opensuse.org/request/show/820850 15.1+15.2+Backports:SLE-12 / cacti+cacti-spine
Comment 5 Swamp Workflow Management 2020-07-25 22:13:26 UTC
openSUSE-SU-2020:1060-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1115436,1154087,1173090
CVE References: CVE-2020-11022,CVE-2020-11023,CVE-2020-13625,CVE-2020-14295
Sources used:
openSUSE Leap 15.2 (src):    cacti-1.2.13-lp152.2.3.1, cacti-spine-1.2.13-lp152.2.3.1
openSUSE Leap 15.1 (src):    cacti-1.2.13-lp151.3.12.1, cacti-spine-1.2.13-lp151.3.12.1
Comment 6 Swamp Workflow Management 2020-07-25 22:15:19 UTC
openSUSE-SU-2020:1060-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1115436,1154087,1173090
CVE References: CVE-2020-11022,CVE-2020-11023,CVE-2020-13625,CVE-2020-14295
Sources used:
openSUSE Leap 15.2 (src):    cacti-1.2.13-lp152.2.3.1, cacti-spine-1.2.13-lp152.2.3.1
openSUSE Leap 15.1 (src):    cacti-1.2.13-lp151.3.12.1, cacti-spine-1.2.13-lp151.3.12.1
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    cacti-1.2.13-11.1, cacti-spine-1.2.13-8.1
Comment 7 Swamp Workflow Management 2020-07-28 01:14:21 UTC
openSUSE-SU-2020:1106-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1115436,1154087,1173090
CVE References: CVE-2020-11022,CVE-2020-11023,CVE-2020-13625,CVE-2020-14295
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP1 (src):    cacti-1.2.13-bp151.4.12.1, cacti-spine-1.2.13-bp151.4.12.1
Comment 8 Andreas Stieger 2020-08-03 21:32:53 UTC
done