Lucene search
This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.CACTI_088B.NASLHistoryAug 12, 2013 - 12:00 a.m.
Cacti < 0.8.8b Command and SQL Injections
2013-08-1200:00:00
This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
36
According to its self-reported version number, the Cacti application running on the remote web server is prior to version 0.8.8b. It is, therefore, potentially affected by command injection and SQL injection vulnerabilities because the application fails to properly sanitize user-supplied input to various scripts. An attacker may be able to exploit these issues to execute arbitrary code as well as access or modify the underlying database for the application.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(69306);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");
script_cve_id("CVE-2013-1434", "CVE-2013-1435");
script_bugtraq_id(61657, 61847);
script_name(english:"Cacti < 0.8.8b Command and SQL Injections");
script_set_attribute(attribute:"synopsis", value:
"The remote web server is running a PHP application that is affected by
command injection and SQL injection vulnerabilities.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the Cacti application
running on the remote web server is prior to version 0.8.8b. It is,
therefore, potentially affected by command injection and SQL injection
vulnerabilities because the application fails to properly sanitize
user-supplied input to various scripts. An attacker may be able to
exploit these issues to execute arbitrary code as well as access or
modify the underlying database for the application.");
script_set_attribute(attribute:"see_also", value:"http://www.cacti.net/release_notes_0_8_8b.php");
script_set_attribute(attribute:"see_also", value:"http://permalink.gmane.org/gmane.comp.security.oss.general/10816");
script_set_attribute(attribute:"solution", value:
"Upgrade to Cacti 0.8.8b or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/05");
script_set_attribute(attribute:"patch_publication_date", value:"2013/08/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/12");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:cacti:cacti");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cacti_detect.nasl");
script_require_keys("www/PHP", "installed_sw/cacti", "Settings/ParanoidReport");
script_require_ports("Services/www", 80);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");
if (report_paranoia < 2) audit(AUDIT_PARANOID);
app = 'cacti';
get_install_count(app_name:app, exit_if_zero:TRUE);
port = get_http_port(default:80, php:TRUE);
install = get_single_install(
app_name : app,
port : port,
exit_if_unknown_ver : TRUE
);
install_url = build_url(qs:install['path'], port:port);
version = install['version'];
# Versions < 0.8.8b are affected.
ver = split(version, sep:'.', keep:FALSE);
if (
int(ver[0]) == 0 &&
(
int(ver[1]) < 8 ||
(int(ver[1]) == 8 && ver[2] =~ '^([0-7][a-z]?|8[a]?)$')
)
)
{
set_kb_item(name:'www/'+port+'/SQLInjection', value:TRUE);
if (report_verbosity > 0)
{
report = '\n URL : ' + install_url +
'\n Installed version : ' + version +
'\n Fixed version : 0.8.8b' +
'\n';
security_hole(port:port, extra:report);
}
else security_hole(port);
exit(0);
}
audit(AUDIT_WEB_APP_NOT_AFFECTED, "Cacti", install_url, version);
Related
nessus
nessus
Amazon Linux AMI : cacti (ALAS-2013-222)
2013-10-01 00:00:00
openSUSE Security Update : cacti (openSUSE-SU-2013:1377-1)
2014-06-13 00:00:00
Fedora 18 : cacti-0.8.8b-1.fc18 (2013-14454)
2013-08-20 00:00:00
openvas
openvas
Fedora Update for cacti FEDORA-2013-14454
2013-08-20 00:00:00
Fedora Update for cacti FEDORA-2013-14454
2013-08-20 00:00:00
Debian Security Advisory DSA 2739-1 (cacti - several vulnerabilities)
2013-08-21 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: cacti-0.8.8b-1.fc18
2013-08-18 00:35:50
[SECURITY] Fedora 19 Update: cacti-0.8.8b-1.fc19
2013-08-18 00:32:44
freebsd
freebsd
cacti -- allow remote attackers to execute arbitrary SQL commands
2013-08-06 00:00:00
debian
debian
[SECURITY] [DSA 2739-1] cacti security update
2013-08-21 19:51:05
amazon
amazon
Medium: cacti
2013-09-04 13:33:00
prion
prion
Code injection
2013-08-23 16:55:00
Sql injection
2013-08-23 16:55:00
cve
cve
CVE-2013-1435
2013-08-23 16:55:00
CVE-2013-1434
2013-08-23 16:55:00
ubuntucve
ubuntucve
CVE-2013-1435
2013-08-23 00:00:00
CVE-2013-1434
2013-08-23 00:00:00
debiancve
debiancve
CVE-2013-1435
2013-08-23 16:55:00
CVE-2013-1434
2013-08-23 16:55:00
gentoo
gentoo
Cacti: Multiple vulnerabilities
2014-01-21 00:00:00
securityvulns
securityvulns
Related for CACTI_088B.NASL