data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. NOTE: the vendor has stated "This is a false alarm.
{ "extracted_events": [ { "introduced": "1.2.8" }, { "last_affected": "1.2.8" } ], "cpe": "cpe:2.3:a:cacti:cacti:1.2.8:*:*:*:*:*:*:*", "source": "CPE_STRING" }
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7058.json"