CVE-2009-4112 | Vulnerability Database | Aqua Security

Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the Data Input Method for the Linux - Get Memory Usage setting to contain arbitrary commands.

Affected Software

Name	Vendor	Start Version	End Version
Cacti	Cacti	*	0.8.7e (including)
Cacti	Cacti	0.6.7 (including)	0.6.7 (including)
Cacti	Cacti	0.8 (including)	0.8 (including)
Cacti	Cacti	0.8.1 (including)	0.8.1 (including)
Cacti	Cacti	0.8.2 (including)	0.8.2 (including)
Cacti	Cacti	0.8.2a (including)	0.8.2a (including)
Cacti	Cacti	0.8.3 (including)	0.8.3 (including)
Cacti	Cacti	0.8.3a (including)	0.8.3a (including)
Cacti	Cacti	0.8.4 (including)	0.8.4 (including)
Cacti	Cacti	0.8.5 (including)	0.8.5 (including)
Cacti	Cacti	0.8.5a (including)	0.8.5a (including)
Cacti	Cacti	0.8.6c (including)	0.8.6c (including)
Cacti	Cacti	0.8.6f (including)	0.8.6f (including)
Cacti	Cacti	0.8.6i (including)	0.8.6i (including)
Cacti	Cacti	0.8.7 (including)	0.8.7 (including)
Cacti	Cacti	0.8.7a (including)	0.8.7a (including)

References

http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0292.html
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html
http://www.openwall.com/lists/oss-security/2009/11/26/1
http://www.openwall.com/lists/oss-security/2009/11/30/2
http://www.securityfocus.com/archive/1/508129/100/0/threaded
http://www.securityfocus.com/bid/37137
https://exchange.xforce.ibmcloud.com/vulnerabilities/54473

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-4112
CWE	https://cwe.mitre.org/data/definitions/264.html