[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-8813":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":88,"duplicate_of":9,"upstream":89,"downstream":90,"duplicates":103,"related":104,"reserved_at":9,"published_at":108,"modified_at":109,"state":110,"summary":111,"references_raw":119,"kevs":188,"epss":189,"epss_history":192,"metrics":397,"affected":408},"CVE-2020-8813","graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-78","Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-108","Command Line Execution through SQL Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-15","Command Delimiters",[],{"id":29,"name":30,"techniques":31},"CAPEC-43","Exploiting Multiple Input Interpretation Layers",[],{"id":33,"name":34,"techniques":35},"CAPEC-6","Argument Injection",[],{"id":37,"name":38,"techniques":39},"CAPEC-88","OS Command Injection",[],[41,50,58,63,68,80],{"_key":42,"name":43,"source":44,"url":45,"maturity":46,"reliability_score":47,"verified":48,"type":9,"platforms":49,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_MHASKAR_EBE6B74C32FD0F7E1EEDF1AABFD44129","Ebe6B74C32Fd0F7E1Eedf1Aabfd44129","github","https://gist.github.com/mhaskar/ebe6b74c32fd0f7e1eedf1aabfd44129","poc",0.3,false,[],{"_key":51,"name":52,"source":53,"url":54,"maturity":55,"reliability_score":56,"verified":48,"type":9,"platforms":57,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_94F7C616A44FC08A","Exploit Reference (drive.google.com)","reference","https://drive.google.com/file/d/1A8hxTyk_NgSp04zPX-23nPbsSDeyDFio/view","unknown",0.2,[],{"_key":59,"name":60,"source":53,"url":61,"maturity":55,"reliability_score":56,"verified":48,"type":9,"platforms":62,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_C51760057EF67D23","Exploit Reference (shells.systems)","https://shells.systems/cacti-v1-2-8-authenticated-remote-code-execution-cve-2020-8813/",[],{"_key":64,"name":65,"source":53,"url":66,"maturity":55,"reliability_score":56,"verified":48,"type":9,"platforms":67,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_719A6B82C92F6694","Exploit Reference (lists.opensuse.org)","http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html",[],{"_key":69,"name":70,"source":71,"url":72,"maturity":46,"reliability_score":73,"verified":48,"type":9,"platforms":74,"requires_auth":9,"exploitdb":76,"metasploit":9},"48144","Cacti 1.2.8 - Authenticated Remote Code Execution","exploit-database","https://www.exploit-db.com/exploits/48144",0.5,[75],"multiple",{"verified":48,"type":77,"platform":75,"file":78,"codes":79},"webapps","exploits/multiple/webapps/48144.py",[7],{"_key":81,"name":82,"source":71,"url":83,"maturity":46,"reliability_score":73,"verified":48,"type":9,"platforms":84,"requires_auth":9,"exploitdb":85,"metasploit":9},"48145","Cacti 1.2.8 - Unauthenticated Remote Code Execution","https://www.exploit-db.com/exploits/48145",[75],{"verified":48,"type":77,"platform":75,"file":86,"codes":87},"exploits/multiple/webapps/48145.py",[7],[],[],[91,93,95,97,99,101],{"_key":92},"UBUNTU-CVE-2020-8813",{"_key":94},"OPENSUSE-SU-2020:0565-1",{"_key":96},"OPENSUSE-SU-2020:0558-1",{"_key":98},"OPENSUSE-SU-2024:10670-1",{"_key":100},"DLA-3252-1",{"_key":102},"DEBIAN-CVE-2020-8813",[],[105,106,107],{"_key":94},{"_key":96},{"_key":98},"2020-02-22T00:00:00.000Z","2024-08-04T10:12:10.614Z","Modified",{"cisa_kev":48,"cisa_ransomware":48,"cisa_vendor":9,"epss_severity":112,"epss_score":113,"severity":114,"severity_score":115,"severity_version":116,"severity_source":117,"severity_vector":118,"severity_status":110},"critical",0.93591,"high",9.3,"v2.0","nvd","AV:N/AC:M/Au:N/C:C/I:C/A:C",[120,126,129,134,137,142,147,151,155,160,164,168,173,177,180,184],{"url":45,"sources":121,"tags":123},[122,117],"cve.org",[124,125],"Exploit","Third Party Advisory",{"url":54,"sources":127,"tags":128},[122,117],[124,125],{"url":130,"sources":131,"tags":132},"https://github.com/Cacti/cacti/releases",[122,117],[133],"Release Notes",{"url":61,"sources":135,"tags":136},[122,117],[124,125],{"url":138,"sources":139,"tags":140},"https://github.com/Cacti/cacti/issues/3285",[122,117],[141,125],"Issue Tracking",{"url":143,"sources":144,"tags":145},"http://packetstormsecurity.com/files/156538/Cacti-1.2.8-Authenticated-Remote-Code-Execution.html",[122,117],[125,146],"VDB Entry",{"url":148,"sources":149,"tags":150},"http://packetstormsecurity.com/files/156537/Cacti-1.2.8-Unauthenticated-Remote-Code-Execution.html",[122,117],[125,146],{"url":152,"sources":153,"tags":154},"http://packetstormsecurity.com/files/156593/Cacti-1.2.8-Unauthenticated-Remote-Code-Execution.html",[122,117],[125,146],{"url":156,"sources":157,"tags":158},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M77SS33IDVNGBU566TK2XVULPW3RXUQ4/",[122,117],[159],"Vendor Advisory",{"url":161,"sources":162,"tags":163},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEMDQXDRNQYXOME7TACKDVCXZXZNGZE2/",[122,117],[159],{"url":165,"sources":166,"tags":167},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WAX3LDXPIKWNBGVZSIMZV7LI5K6BZRTO/",[122,117],[159],{"url":169,"sources":170,"tags":171},"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html",[122,117],[159,172,125],"Mailing List",{"url":174,"sources":175,"tags":176},"http://packetstormsecurity.com/files/157477/Open-AudIT-Professional-3.3.1-Remote-Code-Execution.html",[122,117],[125,146],{"url":66,"sources":178,"tags":179},[122,117],[159,124,125],{"url":181,"sources":182,"tags":183},"https://security.gentoo.org/glsa/202004-16",[122,117],[159,125],{"url":185,"sources":186,"tags":187},"https://lists.debian.org/debian-lts-announce/2022/12/msg00039.html",[122,117],[172,125],[],{"date":190,"score":113,"percentile":191},"2026-06-04",0.99843,[193,197,199,201,203,205,207,209,212,214,216,218,221,223,227,231,233,235,238,240,242,244,246,248,250,252,254,256,259,262,264,266,268,270,272,274,276,278,280,283,285,287,289,291,293,295,297,299,301,303,305,307,309,311,313,315,317,319,321,323,325,328,332,335,337,339,341,343,347,349,351,353,357,359,362,364,367,369,371,373,375,377,379,381,383,385,387,389,391,394],{"date":194,"score":195,"percentile":196},"2025-11-04",0.94156,0.99907,{"date":198,"score":195,"percentile":196},"2025-11-05",{"date":200,"score":195,"percentile":196},"2025-11-06",{"date":202,"score":195,"percentile":196},"2025-11-07",{"date":204,"score":195,"percentile":196},"2025-11-08",{"date":206,"score":195,"percentile":196},"2025-11-09",{"date":208,"score":195,"percentile":196},"2025-11-10",{"date":210,"score":195,"percentile":211},"2025-11-11",0.99908,{"date":213,"score":195,"percentile":211},"2025-11-12",{"date":215,"score":195,"percentile":211},"2025-11-13",{"date":217,"score":195,"percentile":211},"2025-11-14",{"date":219,"score":195,"percentile":220},"2025-11-15",0.99909,{"date":222,"score":195,"percentile":220},"2025-11-16",{"date":224,"score":225,"percentile":226},"2025-11-17",0.94182,0.99912,{"date":228,"score":229,"percentile":230},"2025-11-18",0.93351,0.99864,{"date":232,"score":229,"percentile":230},"2025-11-19",{"date":234,"score":229,"percentile":230},"2025-11-20",{"date":236,"score":225,"percentile":237},"2025-11-21",0.99911,{"date":239,"score":225,"percentile":237},"2025-11-22",{"date":241,"score":225,"percentile":237},"2025-11-23",{"date":243,"score":225,"percentile":226},"2025-11-24",{"date":245,"score":225,"percentile":226},"2025-11-25",{"date":247,"score":225,"percentile":226},"2025-11-26",{"date":249,"score":225,"percentile":226},"2025-11-27",{"date":251,"score":225,"percentile":226},"2025-11-28",{"date":253,"score":225,"percentile":226},"2025-11-29",{"date":255,"score":225,"percentile":226},"2025-11-30",{"date":257,"score":225,"percentile":258},"2025-12-01",0.99914,{"date":260,"score":225,"percentile":261},"2025-12-02",0.99915,{"date":263,"score":225,"percentile":261},"2025-12-03",{"date":265,"score":225,"percentile":226},"2025-12-04",{"date":267,"score":225,"percentile":226},"2025-12-05",{"date":269,"score":225,"percentile":226},"2025-12-06",{"date":271,"score":225,"percentile":226},"2025-12-07",{"date":273,"score":225,"percentile":226},"2025-12-08",{"date":275,"score":225,"percentile":226},"2025-12-09",{"date":277,"score":225,"percentile":226},"2025-12-10",{"date":279,"score":225,"percentile":226},"2025-12-11",{"date":281,"score":225,"percentile":282},"2025-12-12",0.99913,{"date":284,"score":225,"percentile":282},"2025-12-13",{"date":286,"score":225,"percentile":226},"2025-12-14",{"date":288,"score":225,"percentile":282},"2025-12-15",{"date":290,"score":225,"percentile":282},"2025-12-16",{"date":292,"score":225,"percentile":282},"2025-12-17",{"date":294,"score":225,"percentile":258},"2025-12-18",{"date":296,"score":225,"percentile":258},"2025-12-19",{"date":298,"score":225,"percentile":258},"2025-12-20",{"date":300,"score":225,"percentile":258},"2025-12-21",{"date":302,"score":225,"percentile":258},"2025-12-22",{"date":304,"score":225,"percentile":258},"2025-12-23",{"date":306,"score":225,"percentile":282},"2025-12-24",{"date":308,"score":225,"percentile":282},"2025-12-25",{"date":310,"score":225,"percentile":282},"2025-12-26",{"date":312,"score":225,"percentile":258},"2025-12-27",{"date":314,"score":225,"percentile":282},"2025-12-28",{"date":316,"score":225,"percentile":282},"2025-12-29",{"date":318,"score":225,"percentile":282},"2025-12-30",{"date":320,"score":225,"percentile":282},"2025-12-31",{"date":322,"score":225,"percentile":261},"2026-01-01",{"date":324,"score":225,"percentile":261},"2026-01-02",{"date":326,"score":327,"percentile":226},"2026-01-03",0.94155,{"date":329,"score":330,"percentile":331},"2026-01-04",0.94119,0.99905,{"date":333,"score":330,"percentile":334},"2026-01-05",0.99904,{"date":336,"score":330,"percentile":334},"2026-01-06",{"date":338,"score":330,"percentile":331},"2026-01-07",{"date":340,"score":330,"percentile":331},"2026-01-08",{"date":342,"score":330,"percentile":331},"2026-01-09",{"date":344,"score":345,"percentile":346},"2026-01-10",0.94078,0.99899,{"date":348,"score":345,"percentile":346},"2026-01-11",{"date":350,"score":345,"percentile":346},"2026-01-12",{"date":352,"score":345,"percentile":346},"2026-01-13",{"date":354,"score":355,"percentile":356},"2026-01-14",0.94067,0.99898,{"date":358,"score":355,"percentile":356},"2026-01-15",{"date":360,"score":355,"percentile":361},"2026-01-16",0.99897,{"date":363,"score":355,"percentile":361},"2026-01-17",{"date":365,"score":355,"percentile":366},"2026-01-18",0.99896,{"date":368,"score":355,"percentile":361},"2026-01-19",{"date":370,"score":355,"percentile":361},"2026-01-20",{"date":372,"score":355,"percentile":361},"2026-01-21",{"date":374,"score":355,"percentile":361},"2026-01-22",{"date":376,"score":355,"percentile":361},"2026-01-23",{"date":378,"score":355,"percentile":356},"2026-01-24",{"date":380,"score":355,"percentile":356},"2026-01-25",{"date":382,"score":355,"percentile":356},"2026-01-26",{"date":384,"score":355,"percentile":356},"2026-01-27",{"date":386,"score":355,"percentile":346},"2026-01-28",{"date":388,"score":355,"percentile":346},"2026-01-29",{"date":390,"score":355,"percentile":346},"2026-01-30",{"date":392,"score":355,"percentile":393},"2026-01-31",0.999,{"date":395,"score":355,"percentile":396},"2026-02-01",0.99902,[398],{"source":117,"cvss_v2_0":399,"cvss_v3_0":9,"cvss_v3_1":402,"cvss_v4_0":9},{"baseScore":115,"baseSeverity":9,"vectorString":118,"impactScore":400,"exploitabilityScore":401},10,8.6,{"baseScore":403,"baseSeverity":404,"vectorString":405,"impactScore":406,"exploitabilityScore":407},8.8,"HIGH","CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",9.8,7.2,[409,415,423,433],{"ecosystem":9,"name":410,"vendor":9,"product":410,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":411},"Cacti",[412],{"version":413,"is_range":48,"range_type":414,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.2.8","cpe",{"ecosystem":9,"name":416,"vendor":417,"product":418,"cpe_part":419,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":420},"debian linux","debian","debian_linux","o",[421],{"version":422,"is_range":48,"range_type":414,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0",{"ecosystem":9,"name":424,"vendor":425,"product":424,"cpe_part":419,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":426},"fedora","fedoraproject",[427,429,431],{"version":428,"is_range":48,"range_type":414,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"30",{"version":430,"is_range":48,"range_type":414,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"31",{"version":432,"is_range":48,"range_type":414,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"32",{"ecosystem":9,"name":434,"vendor":435,"product":434,"cpe_part":436,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":437},"open-audit","opmantek","a",[438],{"version":439,"is_range":48,"range_type":414,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.3.1"]