Cacti versions prior to 0.8.8d suffer from remote SQL injection and header injection vulnerabilities.
3e823ac472067243035504e5783afe8875d2bc6dade55e315ed703166b3ea9b8
#############################################################################
#
# DBAPPSECURITY LIMITED http://www.dbappsecurity.com.cn/
#
#############################################################################
#
# CVE ID: CVE-2015-4342
# Product: cacti
# Subject: SQL Injection and Location header injection from cdef id
# Author: unhex
# Date: June 9th 2015
#
#############################################################################
The following issue has been RESOLVED.
======================================================================
http://bugs.cacti.net/view.php?id=2571
======================================================================
Reported By: unhex
Assigned To: rony
======================================================================
Project: Cacti
Issue ID: 2571
Category: Database
Reproducibility: always
Severity: feature
Priority: normal
Status: resolved
Resolution: fixed
Fixed in Version: 0.8.8d
======================================================================
Date Submitted: 2015-06-02 23:39 EDT
Last Modified: 2015-06-08 11:51 EDT
======================================================================
Summary: SQL Injection and Location header injection from cdef id
Description:
I found the security vulnerability. You can receive the attachment.
======================================================================
----------------------------------------------------------------------
(0006864) rony (administrator) - 2015-06-08 11:51
http://bugs.cacti.net/view.php?id=2571#c6864
----------------------------------------------------------------------
Issue resolved.
Issue History
Date Modified Username Field Change
======================================================================
2015-06-02 23:39 unhex New Issue
2015-06-03 02:30 Linegod Status new => assigned
2015-06-03 02:30 Linegod Assigned To => cigamit
2015-06-06 07:26 unhex Note Added: 0006863
2015-06-08 11:48 rony Assigned To cigamit => rony
2015-06-08 11:49 rony Fixed in Version => 0.8.8d
2015-06-08 11:49 rony Summary a security vulnerability => SQL Injection and Location header injection from cdef id
2015-06-08 11:51 rony Note Added: 0006864
2015-06-08 11:51 rony Status assigned => resolved
2015-06-08 11:51 rony Resolution open => fixed
======================================================================