CVE-2014-5261
EPSS 1.3%
Description
The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php.
How to fix CVE-2014-5261
To remediate CVE-2014-5261, upgrade the affected package to a fixed version below.
- Debian/cacti—upgrade to 0.8.8b+dfsg-8 or later
Is CVE-2014-5261 being exploited?
Low — EPSS is 1.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 0.8.8b+dfsg-8