cacti -- multiple vulnerabilities

ID 86224A04-26DE-11EA-97F2-001A8C5C04B6
Type freebsd
Reporter FreeBSD
Modified 2019-10-12T00:00:00


The Cacti developers report:

    When viewing graphs, some input variables are not properly checked
    (SQL injection possible).

    Multiple instances of lib/functions.php are affected by unsafe
    deserialization of user-controlled data to populate arrays. An
    authenticated attacker could use this to influence object data
    values and control actions taken by Cacti or potentially cause
    memory corruption in the PHP module.