FreeBSD 5198EF84-4FDC-11DF-83FB-0015587E2CC1
Apr 21, 2010 - 12:00 a.m.

cacti -- SQL injection and command execution vulnerabilities

2010-04-21 00:00:00
vuxml.freebsd.org
18

CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.006 Low
Percentile: 78.7%

Bonsai information security reports:

A vulnerability has been discovered in Cacti, which
can be exploited by any user to conduct SQL Injection
attacks. Input passed via the “export_item_id” parameter
to the “templates_export.php” script is not properly sanitized
before being used in a SQL query.

The same source also reported a command execution
vulnerability. This second issue can be exploited by
Cacti users who have the rights to modify device or
graph configurations.

OS       Version  Architecture  Package  Version       Filename
FreeBSD  any      noarch        cacti    <= 0.8.7e4    UNKNOWN
