← back
CVE-2020-14295

CVE-2020-14295

EPSS 86.3%
Vexday Risk Score
60Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Popular PoC on GitHub (2 stars) — exploitation code widely available.
CVSS EPSS 86.3%KEV nãoPoC públicaNuclei Metasploit simPatch referenciado
Lifecycle
17 Jun 2020Metasploit module available
17 Jun 2020Published on NVD
28 Apr 2021Public PoC
Weaponization speed
315 daysto first PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.