ID OPENVAS:1361412562310800772 Type openvas Reporter Copyright (c) 2010 Greenbone Networks GmbH Modified 2019-03-01T00:00:00
Description
This host is running Cacti and is prone to SQL injection vulnerability.
##############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_cacti_sql_inj_vuln.nasl 13960 2019-03-01 13:18:27Z cfischer $
#
# Cacti 'export_item_id' Parameter SQL Injection Vulnerability
#
# Authors:
# Madhuri D <dmadhuri@secpod.com>
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
CPE = "cpe:/a:cacti:cacti";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.800772");
script_version("$Revision: 13960 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-01 14:18:27 +0100 (Fri, 01 Mar 2019) $");
script_tag(name:"creation_date", value:"2010-05-13 09:36:55 +0200 (Thu, 13 May 2010)");
script_cve_id("CVE-2010-1431");
script_bugtraq_id(39653);
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_name("Cacti 'export_item_id' Parameter SQL Injection Vulnerability");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"http://www.vupen.com/english/advisories/2010/0986");
script_xref(name:"URL", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578909");
script_xref(name:"URL", value:"http://www.exploit-db.com/sploits/Bonsai-SQL_Injection_in_Cacti.pdf");
script_xref(name:"URL", value:"http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch");
script_tag(name:"qod_type", value:"remote_banner_unreliable");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
script_family("Web application abuses");
script_dependencies("cacti_detect.nasl");
script_mandatory_keys("cacti/installed");
script_tag(name:"insight", value:"Input passed to the 'templates_export.php' script via 'export_item_id' is
not properly sanitized before being used in a SQL query.");
script_tag(name:"summary", value:"This host is running Cacti and is prone to SQL injection vulnerability.");
script_tag(name:"solution", value:"Apply the patch provided in the references.");
script_tag(name:"impact", value:"Successful exploitation will allow remote attackers to access, modify or
delete information in the underlying database.");
script_tag(name:"affected", value:"Cacti version 0.8.7e and prior.");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if (!port = get_app_port(cpe: CPE))
exit(0);
if (!vers = get_app_version(cpe: CPE, port: port))
exit(0);
if (version_is_less_equal(version: vers, test_version:"0.8.7e")) {
security_message(port: port);
exit(0);
}
exit(0);
{"id": "OPENVAS:1361412562310800772", "bulletinFamily": "scanner", "title": "Cacti 'export_item_id' Parameter SQL Injection Vulnerability", "description": "This host is running Cacti and is prone to SQL injection vulnerability.", "published": "2010-05-13T00:00:00", "modified": "2019-03-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800772", "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "references": ["http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch", "http://www.vupen.com/english/advisories/2010/0986", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578909", "http://www.exploit-db.com/sploits/Bonsai-SQL_Injection_in_Cacti.pdf"], "cvelist": ["CVE-2010-1431"], "type": "openvas", "lastseen": "2019-03-04T16:04:46", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2010-1431"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "This host is running Cacti and is prone to SQL injection vulnerability.", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "a4c048c1513bb7c6f3dcdfb6046a612f556c35eba97cbe1d956118d4af01dd39", "hashmap": [{"hash": "7802a0c565901f489a8f5f8225f8127d", "key": "modified"}, {"hash": "250c5c876bab2c86e1924d0b6797c7fd", "key": "references"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "df32297d7711cba9170c04cd1fbc17d0", "key": "description"}, {"hash": "63220c0bff5e66744d4b6cff8fd98e90", "key": "sourceData"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "64d708165edc27ada6e6c2fe00c4f22e", "key": "pluginID"}, {"hash": "cf83ecf78b115a30d5e067d2b9b3f9bc", "key": "title"}, {"hash": "82db6d7eefdc19955bb78be9fb178ae1", "key": "reporter"}, {"hash": "ba28662d481de7a7d4b4b225a676857e", "key": "published"}, {"hash": "d297ae88ea339fb2e666066362acc49e", "key": "cvelist"}, {"hash": "212d073eff01aaeb916288627c8f5fc4", "key": "href"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800772", "id": "OPENVAS:1361412562310800772", "lastseen": "2018-02-06T13:05:32", "modified": "2018-02-06T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310800772", "published": "2010-05-13T00:00:00", "references": ["http://www.vupen.com/english/advisories/2010/0986", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578909", "http://www.exploit-db.com/sploits/Bonsai-SQL_Injection_in_Cacti.pdf"], "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cacti_sql_inj_vuln.nasl 8674 2018-02-06 02:56:44Z ckuersteiner $\n#\n# Cacti 'export_item_id' Parameter SQL Injection Vulnerability\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:cacti:cacti\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800772\");\n script_version(\"$Revision: 8674 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-06 03:56:44 +0100 (Tue, 06 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-13 09:36:55 +0200 (Thu, 13 May 2010)\");\n script_cve_id(\"CVE-2010-1431\");\n script_bugtraq_id(39653);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_name(\"Cacti 'export_item_id' Parameter SQL Injection Vulnerability\");\n\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.vupen.com/english/advisories/2010/0986\");\n script_xref(name: \"URL\", value: \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578909\");\n script_xref(name: \"URL\", value: \"http://www.exploit-db.com/sploits/Bonsai-SQL_Injection_in_Cacti.pdf\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"cacti_detect.nasl\");\n script_mandatory_keys(\"cacti/installed\");\n\n script_tag(name: \"insight\", value: \"Input passed to the 'templates_export.php' script via 'export_item_id' is\nnot properly sanitized before being used in a SQL query.\");\n\n script_tag(name: \"summary\", value: \"This host is running Cacti and is prone to SQL injection vulnerability.\");\n\n script_tag(name: \"solution\", value: \"Apply the patch from below link,\nhttp://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch\n\n*****\nNOTE: Ignore this warning, if above mentioned patch is manually applied.\n*****\");\n\n script_tag(name: \"impact\", value: \"Successful exploitation will allow remote attackers to access, modify or\ndelete information in the underlying database.\");\n\n script_tag(name: \"affected\", value: \"Cacti version 0.8.7e and prior.\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!vers = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version_is_less_equal(version: vers, test_version:\"0.8.7e\")) {\n security_message(port: port);\n exit(0);\n}\n\nexit(0);\n", "title": "Cacti 'export_item_id' Parameter SQL Injection Vulnerability", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-02-06T13:05:32"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2010-1431"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "This host is running Cacti and is prone to SQL injection vulnerability.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "5a35c1b5e93ba682d4c1cbda59d089ea1a87ccbc66fc5d7b0ce6984b213fb57a", "hashmap": [{"hash": "7802a0c565901f489a8f5f8225f8127d", "key": "modified"}, {"hash": "250c5c876bab2c86e1924d0b6797c7fd", "key": "references"}, {"hash": "df32297d7711cba9170c04cd1fbc17d0", "key": "description"}, {"hash": "63220c0bff5e66744d4b6cff8fd98e90", "key": "sourceData"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "64d708165edc27ada6e6c2fe00c4f22e", "key": "pluginID"}, {"hash": "cf83ecf78b115a30d5e067d2b9b3f9bc", "key": "title"}, {"hash": "82db6d7eefdc19955bb78be9fb178ae1", "key": "reporter"}, {"hash": "ba28662d481de7a7d4b4b225a676857e", "key": "published"}, {"hash": "d297ae88ea339fb2e666066362acc49e", "key": "cvelist"}, {"hash": "212d073eff01aaeb916288627c8f5fc4", "key": "href"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800772", "id": "OPENVAS:1361412562310800772", "lastseen": "2018-08-30T19:28:01", "modified": "2018-02-06T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310800772", "published": "2010-05-13T00:00:00", "references": ["http://www.vupen.com/english/advisories/2010/0986", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578909", "http://www.exploit-db.com/sploits/Bonsai-SQL_Injection_in_Cacti.pdf"], "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cacti_sql_inj_vuln.nasl 8674 2018-02-06 02:56:44Z ckuersteiner $\n#\n# Cacti 'export_item_id' Parameter SQL Injection Vulnerability\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:cacti:cacti\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800772\");\n script_version(\"$Revision: 8674 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-06 03:56:44 +0100 (Tue, 06 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-13 09:36:55 +0200 (Thu, 13 May 2010)\");\n script_cve_id(\"CVE-2010-1431\");\n script_bugtraq_id(39653);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_name(\"Cacti 'export_item_id' Parameter SQL Injection Vulnerability\");\n\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.vupen.com/english/advisories/2010/0986\");\n script_xref(name: \"URL\", value: \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578909\");\n script_xref(name: \"URL\", value: \"http://www.exploit-db.com/sploits/Bonsai-SQL_Injection_in_Cacti.pdf\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"cacti_detect.nasl\");\n script_mandatory_keys(\"cacti/installed\");\n\n script_tag(name: \"insight\", value: \"Input passed to the 'templates_export.php' script via 'export_item_id' is\nnot properly sanitized before being used in a SQL query.\");\n\n script_tag(name: \"summary\", value: \"This host is running Cacti and is prone to SQL injection vulnerability.\");\n\n script_tag(name: \"solution\", value: \"Apply the patch from below link,\nhttp://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch\n\n*****\nNOTE: Ignore this warning, if above mentioned patch is manually applied.\n*****\");\n\n script_tag(name: \"impact\", value: \"Successful exploitation will allow remote attackers to access, modify or\ndelete information in the underlying database.\");\n\n script_tag(name: \"affected\", value: \"Cacti version 0.8.7e and prior.\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!vers = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version_is_less_equal(version: vers, test_version:\"0.8.7e\")) {\n security_message(port: port);\n exit(0);\n}\n\nexit(0);\n", "title": "Cacti 'export_item_id' Parameter SQL Injection Vulnerability", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:28:01"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2010-1431"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "This host is running Cacti and is prone to SQL injection vulnerability.", "edition": 4, "enchantments": {"dependencies": {"modified": "2018-09-02T00:05:17", "references": [{"idList": ["OPENVAS:830940", "OPENVAS:67353", "OPENVAS:1361412562310830940", "OPENVAS:800772", "OPENVAS:1361412562310100599", "OPENVAS:136141256231067353", "OPENVAS:136141256231067340", "OPENVAS:67340", "OPENVAS:831030", "OPENVAS:1361412562310831030"], "type": "openvas"}, {"idList": ["SECURITYVULNS:DOC:23802", "SECURITYVULNS:VULN:10817"], "type": "securityvulns"}, {"idList": ["SUSE_11_0_CACTI-100427.NASL", "FREEBSD_PKG_5198EF844FDC11DF83FB0015587E2CC1.NASL", "CACTI_087E.NASL"], "type": "nessus"}, {"idList": ["5198EF84-4FDC-11DF-83FB-0015587E2CC1"], "type": "freebsd"}, {"idList": ["EDB-ID:12338"], "type": "exploitdb"}, {"idList": ["CVE-2010-1431"], "type": "cve"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "a4c048c1513bb7c6f3dcdfb6046a612f556c35eba97cbe1d956118d4af01dd39", "hashmap": [{"hash": "7802a0c565901f489a8f5f8225f8127d", "key": "modified"}, {"hash": "250c5c876bab2c86e1924d0b6797c7fd", "key": "references"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "df32297d7711cba9170c04cd1fbc17d0", "key": "description"}, {"hash": "63220c0bff5e66744d4b6cff8fd98e90", "key": "sourceData"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "64d708165edc27ada6e6c2fe00c4f22e", "key": "pluginID"}, {"hash": "cf83ecf78b115a30d5e067d2b9b3f9bc", "key": "title"}, {"hash": "82db6d7eefdc19955bb78be9fb178ae1", "key": "reporter"}, {"hash": "ba28662d481de7a7d4b4b225a676857e", "key": "published"}, {"hash": "d297ae88ea339fb2e666066362acc49e", "key": "cvelist"}, {"hash": "212d073eff01aaeb916288627c8f5fc4", "key": "href"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800772", "id": "OPENVAS:1361412562310800772", "lastseen": "2018-09-02T00:05:17", "modified": "2018-02-06T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310800772", "published": "2010-05-13T00:00:00", "references": ["http://www.vupen.com/english/advisories/2010/0986", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578909", "http://www.exploit-db.com/sploits/Bonsai-SQL_Injection_in_Cacti.pdf"], "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cacti_sql_inj_vuln.nasl 8674 2018-02-06 02:56:44Z ckuersteiner $\n#\n# Cacti 'export_item_id' Parameter SQL Injection Vulnerability\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:cacti:cacti\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800772\");\n script_version(\"$Revision: 8674 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-06 03:56:44 +0100 (Tue, 06 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-13 09:36:55 +0200 (Thu, 13 May 2010)\");\n script_cve_id(\"CVE-2010-1431\");\n script_bugtraq_id(39653);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_name(\"Cacti 'export_item_id' Parameter SQL Injection Vulnerability\");\n\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.vupen.com/english/advisories/2010/0986\");\n script_xref(name: \"URL\", value: \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578909\");\n script_xref(name: \"URL\", value: \"http://www.exploit-db.com/sploits/Bonsai-SQL_Injection_in_Cacti.pdf\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"cacti_detect.nasl\");\n script_mandatory_keys(\"cacti/installed\");\n\n script_tag(name: \"insight\", value: \"Input passed to the 'templates_export.php' script via 'export_item_id' is\nnot properly sanitized before being used in a SQL query.\");\n\n script_tag(name: \"summary\", value: \"This host is running Cacti and is prone to SQL injection vulnerability.\");\n\n script_tag(name: \"solution\", value: \"Apply the patch from below link,\nhttp://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch\n\n*****\nNOTE: Ignore this warning, if above mentioned patch is manually applied.\n*****\");\n\n script_tag(name: \"impact\", value: \"Successful exploitation will allow remote attackers to access, modify or\ndelete information in the underlying database.\");\n\n script_tag(name: \"affected\", value: \"Cacti version 0.8.7e and prior.\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!vers = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version_is_less_equal(version: vers, test_version:\"0.8.7e\")) {\n security_message(port: port);\n exit(0);\n}\n\nexit(0);\n", "title": "Cacti 'export_item_id' Parameter SQL Injection Vulnerability", "type": "openvas", "viewCount": 0}, "differentElements": ["references", "modified", "sourceData"], "edition": 4, "lastseen": "2018-09-02T00:05:17"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2010-1431"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "This host is running Cacti and is prone to SQL injection\n vulnerability.", "edition": 1, "enchantments": {"score": {"modified": "2018-01-18T11:04:29", "value": 7.5}}, "hash": "def02599ffbf83dbbbb54f2d7fbce57c4e126afaff379defcde5304efb7fc151", "hashmap": [{"hash": "a5756b7867fe5de531dd6d42e72fbe7b", "key": "sourceData"}, {"hash": "250c5c876bab2c86e1924d0b6797c7fd", "key": "references"}, {"hash": "ee0b2a19da285757f5b5bf6dc5d373c7", "key": "modified"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "64d708165edc27ada6e6c2fe00c4f22e", "key": "pluginID"}, {"hash": "cf83ecf78b115a30d5e067d2b9b3f9bc", "key": "title"}, {"hash": "82db6d7eefdc19955bb78be9fb178ae1", "key": "reporter"}, {"hash": "ba28662d481de7a7d4b4b225a676857e", "key": "published"}, {"hash": "d297ae88ea339fb2e666066362acc49e", "key": "cvelist"}, {"hash": "4cea5da2f51284b615b0d74aed9adb82", "key": "description"}, {"hash": "212d073eff01aaeb916288627c8f5fc4", "key": "href"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800772", "id": "OPENVAS:1361412562310800772", "lastseen": "2018-01-18T11:04:29", "modified": "2018-01-17T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310800772", "published": "2010-05-13T00:00:00", "references": ["http://www.vupen.com/english/advisories/2010/0986", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578909", "http://www.exploit-db.com/sploits/Bonsai-SQL_Injection_in_Cacti.pdf"], "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cacti_sql_inj_vuln.nasl 8447 2018-01-17 16:12:19Z teissa $\n#\n# Cacti 'export_item_id' Parameter SQL Injection Vulnerability\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to access, modify or delete\n information in the underlying database.\n Impact Level: Application.\";\ntag_affected = \"Cacti version 0.8.7e and prior.\";\n\ntag_solution = \"Apply the patch from below link,\n http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch\n\n *****\n NOTE: Ignore this warning, if above mentioned patch is manually applied.\n *****\";\n\ntag_insight = \"Input passed to the 'templates_export.php' script via 'export_item_id' is\n not properly sanitized before being used in a SQL query.\";\ntag_summary = \"This host is running Cacti and is prone to SQL injection\n vulnerability.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800772\");\n script_version(\"$Revision: 8447 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:12:19 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-13 09:36:55 +0200 (Thu, 13 May 2010)\");\n script_cve_id(\"CVE-2010-1431\");\n script_bugtraq_id(39653);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Cacti 'export_item_id' Parameter SQL Injection Vulnerability\");\n\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2010/0986\");\n script_xref(name : \"URL\" , value : \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578909\");\n script_xref(name : \"URL\" , value : \"http://www.exploit-db.com/sploits/Bonsai-SQL_Injection_in_Cacti.pdf\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"cacti_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\nctPort = get_http_port(default:80);\nif(!get_port_state(ctPort)){\n exit(0);\n}\n\n## Get Cacti version from KB\nctVer = get_kb_item(\"www/\"+ ctPort + \"/cacti\");\nif(!ctVer){\n exit(0);\n}\n\n## Check for the Cacti version\nif(ctVer[1] != NULL)\n{\n if(version_is_less_equal(version:ctVer[1], test_version:\"0.8.7e\")){\n security_message(ctPort);\n }\n}\n", "title": "Cacti 'export_item_id' Parameter SQL Injection Vulnerability", "type": "openvas", "viewCount": 0}, "differentElements": ["description", "modified", "sourceData"], "edition": 1, "lastseen": "2018-01-18T11:04:29"}], "edition": 5, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "d297ae88ea339fb2e666066362acc49e"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "df32297d7711cba9170c04cd1fbc17d0"}, {"key": "href", "hash": "212d073eff01aaeb916288627c8f5fc4"}, {"key": "modified", "hash": "87dffd259dd88534eee7808f3cb5f31a"}, {"key": "naslFamily", "hash": "55199d25018fbdb9b50e6b64d444c3a4"}, {"key": "pluginID", "hash": "64d708165edc27ada6e6c2fe00c4f22e"}, {"key": "published", "hash": "ba28662d481de7a7d4b4b225a676857e"}, {"key": "references", "hash": "e851adf16c64809031e17fef0101eda9"}, {"key": "reporter", "hash": "82db6d7eefdc19955bb78be9fb178ae1"}, {"key": "sourceData", "hash": "a688466dec44cb71ab915230d6c5e322"}, {"key": "title", "hash": "cf83ecf78b115a30d5e067d2b9b3f9bc"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "4b41fd65955bd57eefe83c5078b0b08eada2c9adc79871ee2620c6539603c106", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-1431"]}, {"type": "nessus", "idList": ["SUSE_11_0_CACTI-100427.NASL", "FREEBSD_PKG_5198EF844FDC11DF83FB0015587E2CC1.NASL", "CACTI_087E.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:67353", "OPENVAS:136141256231067340", "OPENVAS:1361412562310100599", "OPENVAS:830940", "OPENVAS:1361412562310831030", "OPENVAS:831030", "OPENVAS:800772", "OPENVAS:1361412562310830940", "OPENVAS:67340", "OPENVAS:136141256231067353"]}, {"type": "exploitdb", "idList": ["EDB-ID:12338"]}, {"type": "freebsd", "idList": ["5198EF84-4FDC-11DF-83FB-0015587E2CC1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:23802", "SECURITYVULNS:VULN:10817"]}], "modified": "2019-03-04T16:04:46"}, "score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cacti_sql_inj_vuln.nasl 13960 2019-03-01 13:18:27Z cfischer $\n#\n# Cacti 'export_item_id' Parameter SQL Injection Vulnerability\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:cacti:cacti\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800772\");\n script_version(\"$Revision: 13960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-01 14:18:27 +0100 (Fri, 01 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-13 09:36:55 +0200 (Thu, 13 May 2010)\");\n script_cve_id(\"CVE-2010-1431\");\n script_bugtraq_id(39653);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_name(\"Cacti 'export_item_id' Parameter SQL Injection Vulnerability\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2010/0986\");\n script_xref(name:\"URL\", value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578909\");\n script_xref(name:\"URL\", value:\"http://www.exploit-db.com/sploits/Bonsai-SQL_Injection_in_Cacti.pdf\");\n script_xref(name:\"URL\", value:\"http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"cacti_detect.nasl\");\n script_mandatory_keys(\"cacti/installed\");\n\n script_tag(name:\"insight\", value:\"Input passed to the 'templates_export.php' script via 'export_item_id' is\n not properly sanitized before being used in a SQL query.\");\n\n script_tag(name:\"summary\", value:\"This host is running Cacti and is prone to SQL injection vulnerability.\");\n\n script_tag(name:\"solution\", value:\"Apply the patch provided in the references.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to access, modify or\n delete information in the underlying database.\");\n\n script_tag(name:\"affected\", value:\"Cacti version 0.8.7e and prior.\");\n\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!vers = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version_is_less_equal(version: vers, test_version:\"0.8.7e\")) {\n security_message(port: port);\n exit(0);\n}\n\nexit(0);", "naslFamily": "Web application abuses", "pluginID": "1361412562310800772", "scheme": null}
{"cve": [{"lastseen": "2016-09-03T13:47:31", "bulletinFamily": "NVD", "description": "SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter.", "modified": "2012-02-15T23:02:39", "published": "2010-05-04T12:00:35", "id": "CVE-2010-1431", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1431", "type": "cve", "title": "CVE-2010-1431", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-02T21:10:03", "bulletinFamily": "scanner", "description": "Cacti is prone to multiple input-validation vulnerabilities because it\nfails to adequately sanitize user-supplied input. These\nvulnerabilities include SQL-injection and command-injection issues.\n\nExploiting these issues can allow an attacker to compromise the\napplication, access or modify data, or exploit latent vulnerabilities\nin the underlying database. Other attacks may also be possible.\n\nCacti 0.8.7e is vulnerable; other versions may also be affected.", "modified": "2017-02-10T00:00:00", "published": "2010-04-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=100599", "id": "OPENVAS:100599", "title": "Cacti Multiple Input Validation Security Vulnerabilities", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cacti_39639.nasl 5263 2017-02-10 13:45:51Z teissa $\n#\n# Cacti Multiple Input Validation Security Vulnerabilities\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"Cacti is prone to multiple input-validation vulnerabilities because it\nfails to adequately sanitize user-supplied input. These\nvulnerabilities include SQL-injection and command-injection issues.\n\nExploiting these issues can allow an attacker to compromise the\napplication, access or modify data, or exploit latent vulnerabilities\nin the underlying database. Other attacks may also be possible.\n\nCacti 0.8.7e is vulnerable; other versions may also be affected.\";\n\ntag_solution = \"Updates are available to address the SQL-injection issue. Please see\nthe references for more information.\";\n\nif (description)\n{\n script_id(100599);\n script_version(\"$Revision: 5263 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-10 14:45:51 +0100 (Fri, 10 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-23 13:12:25 +0200 (Fri, 23 Apr 2010)\");\n script_cve_id(\"CVE-2010-1431\");\n script_bugtraq_id(39639);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Cacti Multiple Input Validation Security Vulnerabilities\");\n\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/bid/39639\");\n script_xref(name : \"URL\" , value : \"http://cacti.net/\");\n script_xref(name : \"URL\" , value : \"http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php\");\n script_xref(name : \"URL\" , value : \"http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-sql-injection-0104.php\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2010 Greenbone Networks GmbH\");\n script_dependencies(\"cacti_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"version_func.inc\");\n\nport = get_http_port(default:80);\nif(!get_port_state(port))exit(0);\n\nif (!can_host_php(port:port)) exit(0);\n\nif(vers = get_version_from_kb(port:port,app:\"cacti\")) {\n\n if(version_is_less(version: vers, test_version: \"0.8.7e\")) {\n security_message(port:port);\n exit(0);\n }\n\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:09:48", "bulletinFamily": "scanner", "description": "This host is running Cacti and is prone to SQL injection\n vulnerability.", "modified": "2017-02-10T00:00:00", "published": "2010-05-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=800772", "id": "OPENVAS:800772", "title": "Cacti 'export_item_id' Parameter SQL Injection Vulnerability", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cacti_sql_inj_vuln.nasl 5263 2017-02-10 13:45:51Z teissa $\n#\n# Cacti 'export_item_id' Parameter SQL Injection Vulnerability\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to access, modify or delete\n information in the underlying database.\n Impact Level: Application.\";\ntag_affected = \"Cacti version 0.8.7e and prior.\";\n\ntag_solution = \"Apply the patch from below link,\n http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch\n\n *****\n NOTE: Ignore this warning, if above mentioned patch is manually applied.\n *****\";\n\ntag_insight = \"Input passed to the 'templates_export.php' script via 'export_item_id' is\n not properly sanitized before being used in a SQL query.\";\ntag_summary = \"This host is running Cacti and is prone to SQL injection\n vulnerability.\";\n\nif(description)\n{\n script_id(800772);\n script_version(\"$Revision: 5263 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-10 14:45:51 +0100 (Fri, 10 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-13 09:36:55 +0200 (Thu, 13 May 2010)\");\n script_cve_id(\"CVE-2010-1431\");\n script_bugtraq_id(39653);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Cacti 'export_item_id' Parameter SQL Injection Vulnerability\");\n\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2010/0986\");\n script_xref(name : \"URL\" , value : \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578909\");\n script_xref(name : \"URL\" , value : \"http://www.exploit-db.com/sploits/Bonsai-SQL_Injection_in_Cacti.pdf\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"cacti_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\nctPort = get_http_port(default:80);\nif(!get_port_state(ctPort)){\n exit(0);\n}\n\n## Get Cacti version from KB\nctVer = get_kb_item(\"www/\"+ ctPort + \"/cacti\");\nif(!ctVer){\n exit(0);\n}\n\n## Check for the Cacti version\nif(ctVer[1] != NULL)\n{\n if(version_is_less_equal(version:ctVer[1], test_version:\"0.8.7e\")){\n security_message(ctPort);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:17", "bulletinFamily": "scanner", "description": "The remote host is missing an update to cacti\nannounced via advisory DSA 2039-1.", "modified": "2017-07-07T00:00:00", "published": "2010-05-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=67340", "id": "OPENVAS:67340", "title": "Debian Security Advisory DSA 2039-1 (cacti)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2039_1.nasl 6614 2017-07-07 12:09:12Z cfischer $\n# Description: Auto-generated from advisory DSA 2039-1 (cacti)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Cacti, a frontend to rrdtool for monitoring\nsystems and services missed input sanitising, making an SQL injection\nattack possible.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.8.7b-2.1+lenny2.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your cacti package.\";\ntag_summary = \"The remote host is missing an update to cacti\nannounced via advisory DSA 2039-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202039-1\";\n\n\nif(description)\n{\n script_id(67340);\n script_cve_id(\"CVE-2010-1431\");\n script_version(\"$Revision: 6614 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:12 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-04 05:52:15 +0200 (Tue, 04 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 2039-1 (cacti)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"cacti\", ver:\"0.8.7b-2.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:17", "bulletinFamily": "scanner", "description": "Check for the Version of kvm", "modified": "2017-12-29T00:00:00", "published": "2010-03-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830940", "id": "OPENVAS:1361412562310830940", "type": "openvas", "title": "Mandriva Update for kvm MDVA-2010:092 (kvm)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for kvm MDVA-2010:092 (kvm)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kvm on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\ntag_insight = \"This update adds module preloading to simplify the use of kvm. Proper\n module will be loaded only if hardware configuration supports it.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-03/msg00009.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830940\");\n script_version(\"$Revision: 8258 $\");\n script_cve_id(\"CVE-2010-1431\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 08:28:57 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-12 17:02:32 +0100 (Fri, 12 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVA\", value: \"2010:092\");\n script_name(\"Mandriva Update for kvm MDVA-2010:092 (kvm)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kvm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kvm-74\", rpm:\"kvm-74~7.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-03-04T16:04:50", "bulletinFamily": "scanner", "description": "Cacti is prone to multiple input-validation vulnerabilities because it fails\n to adequately sanitize user-supplied input. These vulnerabilities include SQL-injection and command-injection issues.", "modified": "2019-03-01T00:00:00", "published": "2010-04-23T00:00:00", "id": "OPENVAS:1361412562310100599", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100599", "title": "Cacti Multiple Input Validation Security Vulnerabilities", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cacti_39639.nasl 13960 2019-03-01 13:18:27Z cfischer $\n#\n# Cacti Multiple Input Validation Security Vulnerabilities\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:cacti:cacti\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100599\");\n script_version(\"$Revision: 13960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-01 14:18:27 +0100 (Fri, 01 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-23 13:12:25 +0200 (Fri, 23 Apr 2010)\");\n script_cve_id(\"CVE-2010-1431\");\n script_bugtraq_id(39639);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Cacti Multiple Input Validation Security Vulnerabilities\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/39639\");\n script_xref(name:\"URL\", value:\"http://cacti.net/\");\n script_xref(name:\"URL\", value:\"http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php\");\n script_xref(name:\"URL\", value:\"http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-sql-injection-0104.php\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2010 Greenbone Networks GmbH\");\n script_dependencies(\"cacti_detect.nasl\");\n script_mandatory_keys(\"cacti/installed\");\n\n script_tag(name:\"solution\", value:\"Updates are available to address the SQL-injection issue. Please see the\n references for more information.\");\n\n script_tag(name:\"summary\", value:\"Cacti is prone to multiple input-validation vulnerabilities because it fails\n to adequately sanitize user-supplied input. These vulnerabilities include SQL-injection and command-injection issues.\");\n\n script_tag(name:\"impact\", value:\"Exploiting these issues can allow an attacker to compromise the application, access or\n modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible.\");\n\n script_tag(name:\"affected\", value:\"Cacti 0.8.7e is vulnerable. Other versions may also be affected.\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!vers = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version_is_less(version: vers, test_version: \"0.8.7e\")) {\n report = report_fixed_ver(installed_version: vers, fixed_version: \"0.8.7e\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-14T11:48:33", "bulletinFamily": "scanner", "description": "Check for the Version of kvm", "modified": "2017-12-14T00:00:00", "published": "2010-03-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=830940", "id": "OPENVAS:830940", "title": "Mandriva Update for kvm MDVA-2010:092 (kvm)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for kvm MDVA-2010:092 (kvm)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kvm on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\ntag_insight = \"This update adds module preloading to simplify the use of kvm. Proper\n module will be loaded only if hardware configuration supports it.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-03/msg00009.php\");\n script_id(830940);\n script_version(\"$Revision: 8109 $\");\n script_cve_id(\"CVE-2010-1431\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-12 17:02:32 +0100 (Fri, 12 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVA\", value: \"2010:092\");\n script_name(\"Mandriva Update for kvm MDVA-2010:092 (kvm)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kvm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kvm-74\", rpm:\"kvm-74~7.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:53:58", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-12-21T00:00:00", "published": "2010-05-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067353", "id": "OPENVAS:136141256231067353", "type": "openvas", "title": "FreeBSD Ports: cacti", "sourceData": "#\n#VID 5198ef84-4fdc-11df-83fb-0015587e2cc1\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 5198ef84-4fdc-11df-83fb-0015587e2cc1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: cacti\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php\nhttp://www.bonsai-sec.com/en/research/vulnerabilities/cacti-sql-injection-0104.php\nhttp://www.debian.org/security/2010/dsa-2039\nhttp://www.vuxml.org/freebsd/5198ef84-4fdc-11df-83fb-0015587e2cc1.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67353\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 8207 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 08:30:12 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-04 05:52:15 +0200 (Tue, 04 May 2010)\");\n script_cve_id(\"CVE-2010-1431\");\n script_name(\"FreeBSD Ports: cacti\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"cacti\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.8.7e4\")<=0) {\n txt += 'Package cacti version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:15", "bulletinFamily": "scanner", "description": "Check for the Version of cacti", "modified": "2017-12-26T00:00:00", "published": "2010-05-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831030", "id": "OPENVAS:831030", "title": "Mandriva Update for cacti MDVSA-2010:092 (cacti)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for cacti MDVSA-2010:092 (cacti)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in cacti:\n\n SQL injection vulnerability in templates_export.php in Cacti 0.8.7e\n and earlier allows remote attackers to execute arbitrary SQL commands\n via the export_item_id parameter (CVE-2010-1431).\n \n Additionally cacti has been upgraded to 0.8.7e for Corporate Server 4.\n \n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"cacti on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-05/msg00007.php\");\n script_id(831030);\n script_version(\"$Revision: 8245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 07:29:59 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-07 15:42:01 +0200 (Fri, 07 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:092\");\n script_cve_id(\"CVE-2010-1431\");\n script_name(\"Mandriva Update for cacti MDVSA-2010:092 (cacti)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cacti\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"cacti\", rpm:\"cacti~0.8.7e~11.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:31", "bulletinFamily": "scanner", "description": "The remote host is missing an update to cacti\nannounced via advisory DSA 2039-1.", "modified": "2017-12-22T00:00:00", "published": "2010-05-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067340", "id": "OPENVAS:136141256231067340", "title": "Debian Security Advisory DSA 2039-1 (cacti)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2039_1.nasl 8228 2017-12-22 07:29:52Z teissa $\n# Description: Auto-generated from advisory DSA 2039-1 (cacti)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Cacti, a frontend to rrdtool for monitoring\nsystems and services missed input sanitising, making an SQL injection\nattack possible.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.8.7b-2.1+lenny2.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your cacti package.\";\ntag_summary = \"The remote host is missing an update to cacti\nannounced via advisory DSA 2039-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202039-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67340\");\n script_cve_id(\"CVE-2010-1431\");\n script_version(\"$Revision: 8228 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 08:29:52 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-04 05:52:15 +0200 (Tue, 04 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 2039-1 (cacti)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"cacti\", ver:\"0.8.7b-2.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:09:48", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-02-09T00:00:00", "published": "2010-05-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=67353", "id": "OPENVAS:67353", "title": "FreeBSD Ports: cacti", "type": "openvas", "sourceData": "#\n#VID 5198ef84-4fdc-11df-83fb-0015587e2cc1\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 5198ef84-4fdc-11df-83fb-0015587e2cc1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: cacti\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php\nhttp://www.bonsai-sec.com/en/research/vulnerabilities/cacti-sql-injection-0104.php\nhttp://www.debian.org/security/2010/dsa-2039\nhttp://www.vuxml.org/freebsd/5198ef84-4fdc-11df-83fb-0015587e2cc1.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(67353);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 5245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-09 09:57:08 +0100 (Thu, 09 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-04 05:52:15 +0200 (Tue, 04 May 2010)\");\n script_cve_id(\"CVE-2010-1431\");\n script_name(\"FreeBSD Ports: cacti\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"cacti\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.8.7e4\")<=0) {\n txt += 'Package cacti version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:34", "bulletinFamily": "software", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2010:092\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : cacti\r\n Date : May 6, 2010\r\n Affected: Corporate 4.0, Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A vulnerability has been found and corrected in cacti:\r\n \r\n SQL injection vulnerability in templates_export.php in Cacti 0.8.7e\r\n and earlier allows remote attackers to execute arbitrary SQL commands\r\n via the export_item_id parameter (CVE-2010-1431).\r\n \r\n Additionally cacti has been upgraded to 0.8.7e for Corporate Server 4.\r\n \r\n The updated packages have been patched to correct this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1431\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Corporate 4.0:\r\n 2f3d03d69004d2b28558482d10e216ea corporate/4.0/i586/cacti-0.8.7e-0.1.20060mlcs4.noarch.rpm \r\n f0e0ff07e7ac616ebff35462b5ffa50f corporate/4.0/SRPMS/cacti-0.8.7e-0.1.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n 86170ffeee1bc83e01a3b77a6b40f329 corporate/4.0/x86_64/cacti-0.8.7e-0.1.20060mlcs4.noarch.rpm \r\n f0e0ff07e7ac616ebff35462b5ffa50f corporate/4.0/SRPMS/cacti-0.8.7e-0.1.20060mlcs4.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n 2acb4fdcbf42d3fcd3741a5a3512dd4b mes5/i586/cacti-0.8.7e-11.1mdvmes5.1.noarch.rpm \r\n 3d72b27fdf373d02a966292cd543fe76 mes5/SRPMS/cacti-0.8.7e-11.1mdvmes5.1.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n ec13040e7536fb994b1b3126cdd21daa mes5/x86_64/cacti-0.8.7e-11.1mdvmes5.1.noarch.rpm \r\n 3d72b27fdf373d02a966292cd543fe76 mes5/SRPMS/cacti-0.8.7e-11.1mdvmes5.1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFL4wRRmqjQ0CJFipgRAnopAKCKzKP6ETA7CehR2ndSsCh48xVmbACfV2b3\r\nI/4h+vy4DxQgtjU2nDIV1og=\r\n=Mn+A\r\n-----END PGP SIGNATURE-----", "modified": "2010-05-11T00:00:00", "published": "2010-05-11T00:00:00", "id": "SECURITYVULNS:DOC:23802", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23802", "title": "[ MDVSA-2010:092 ] cacti", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:36", "bulletinFamily": "software", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "modified": "2010-05-13T00:00:00", "published": "2010-05-13T00:00:00", "id": "SECURITYVULNS:VULN:10817", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10817", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:21", "bulletinFamily": "unix", "description": "\nBonsai information security reports:\n\nA Vulnerability has been discovered in Cacti, which\n\t can be exploited by any user to conduct SQL Injection\n\t attacks. Input passed via the \"export_item_id\" parameter\n\t to \"templates_export.php\" script is not properly sanitized\n\t before being used in a SQL query.\n\nThe same source also reported a command execution\n\t vulnerability. This second issue can be exploited by\n\t Cacti users who have the rights to modify device or\n\t graph configurations.\n", "modified": "2013-06-16T00:00:00", "published": "2010-04-21T00:00:00", "id": "5198EF84-4FDC-11DF-83FB-0015587E2CC1", "href": "https://vuxml.freebsd.org/freebsd/5198ef84-4fdc-11df-83fb-0015587e2cc1.html", "title": "cacti -- SQL injection and command execution vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:13:19", "bulletinFamily": "scanner", "description": "Missing input sanitation in the template export feature allowed for SQL injection attacks (CVE-2010-1431).", "modified": "2018-11-10T00:00:00", "id": "SUSE_11_0_CACTI-100427.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=46185", "published": "2010-04-30T00:00:00", "title": "openSUSE Security Update : cacti (openSUSE-SU-2010:0181-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update cacti-2365.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(46185);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:58\");\n\n script_cve_id(\"CVE-2010-1431\");\n\n script_name(english:\"openSUSE Security Update : cacti (openSUSE-SU-2010:0181-1)\");\n script_summary(english:\"Check for the cacti-2365 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Missing input sanitation in the template export feature allowed for\nSQL injection attacks (CVE-2010-1431).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=599239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-04/msg00089.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cacti package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cacti\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"cacti-0.8.7e-0.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cacti\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:13:18", "bulletinFamily": "scanner", "description": "Bonsai information security reports :\n\nA Vulnerability has been discovered in Cacti, which can be exploited by any user to conduct SQL Injection attacks. Input passed via the 'export_item_id' parameter to 'templates_export.php' script is not properly sanitized before being used in a SQL query.\n\nThe same source also reported a command execution vulnerability. This second issue can be exploited by Cacti users who have the rights to modify device or graph configurations.", "modified": "2018-11-10T00:00:00", "id": "FREEBSD_PKG_5198EF844FDC11DF83FB0015587E2CC1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=45614", "published": "2010-04-26T00:00:00", "title": "FreeBSD : cacti -- SQL injection and command execution vulnerabilities (5198ef84-4fdc-11df-83fb-0015587e2cc1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(45614);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/10 11:49:42\");\n\n script_cve_id(\"CVE-2010-1431\");\n script_xref(name:\"DSA\", value:\"2039\");\n\n script_name(english:\"FreeBSD : cacti -- SQL injection and command execution vulnerabilities (5198ef84-4fdc-11df-83fb-0015587e2cc1)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Bonsai information security reports :\n\nA Vulnerability has been discovered in Cacti, which can be exploited\nby any user to conduct SQL Injection attacks. Input passed via the\n'export_item_id' parameter to 'templates_export.php' script is not\nproperly sanitized before being used in a SQL query.\n\nThe same source also reported a command execution vulnerability. This\nsecond issue can be exploited by Cacti users who have the rights to\nmodify device or graph configurations.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=146021\"\n );\n # http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?39e1a6fb\"\n );\n # http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-sql-injection-0104.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?554da6c4\"\n );\n # https://vuxml.freebsd.org/freebsd/5198ef84-4fdc-11df-83fb-0015587e2cc1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3786fc75\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:cacti\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"cacti<=0.8.7e4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:13:19", "bulletinFamily": "scanner", "description": "According to its self-reported version number, the Cacti application running on the remote web server is prior to version 0.8.7f. It is, therefore, potentially affected by the following vulnerabilities :\n\n - A vulnerability exists in 'templates_export.php' due to improper validation of input to the 'export_item_id' parameter. A remote attacker can exploit this to inject SQL queries to disclose arbitrary data. (CVE-2010-1431)\n\n - Cross-site scripting vulnerabilities exist related to the 'host_id' parameter of 'data_sources.php', or the 'hostname' and 'description' parameters of 'host.php', which a remote attacker can exploit to inject arbitrary web script or HTML. (CVE-2010-1644)\n\n - A SQL injection vulnerability in 'graph.php' exists which can be exploited by a remote attacker using specially crafted GET requests to the 'rra_id' parameter which can cause a corresponding POST request or cookie to bypass proper validation. (CVE-2010-2092)", "modified": "2018-11-15T00:00:00", "id": "CACTI_087E.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=46222", "published": "2010-05-04T00:00:00", "title": "Cacti < 0.8.7f Multiple Input Validation Vulnerabilities", "type": "nessus", "sourceData": "\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\nscript_id(46222);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/11/15 20:50:16\");\n\n script_cve_id(\"CVE-2010-1431\", \"CVE-2010-1644\", \"CVE-2010-2092\");\n script_bugtraq_id(39653, 40149, 40332);\n script_xref(name:\"Secunia\", value:\"39570\");\n\n script_name(english:\"Cacti < 0.8.7f Multiple Input Validation Vulnerabilities\");\n script_summary(english:\"Checks the version of Cacti.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is running a PHP application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\",value:\n\"According to its self-reported version number, the Cacti application\nrunning on the remote web server is prior to version 0.8.7f. It is,\ntherefore, potentially affected by the following vulnerabilities :\n\n - A vulnerability exists in 'templates_export.php' due to\n improper validation of input to the 'export_item_id'\n parameter. A remote attacker can exploit this to inject\n SQL queries to disclose arbitrary data. (CVE-2010-1431)\n\n - Cross-site scripting vulnerabilities exist related to\n the 'host_id' parameter of 'data_sources.php', or the\n 'hostname' and 'description' parameters of 'host.php',\n which a remote attacker can exploit to inject arbitrary\n web script or HTML. (CVE-2010-1644)\n\n - A SQL injection vulnerability in 'graph.php' exists\n which can be exploited by a remote attacker using\n specially crafted GET requests to the 'rra_id' parameter\n which can cause a corresponding POST request or cookie\n to bypass proper validation. (CVE-2010-2092)\");\n # http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?39e1a6fb\");\n # http://www.php-security.org/2010/05/13/mops-2010-023-cacti-graph-viewer-sql-injection-vulnerability/index.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?49d1a123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/511393/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.cacti.net/release_notes_0_8_7f.php\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Cacti 0.8.7f or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/04\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cacti:cacti\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"cacti_detect.nasl\");\n script_require_keys(\"installed_sw/cacti\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\napp = 'cacti';\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\ninstall = get_single_install(app_name:app, port:port, exit_if_unknown_ver:TRUE);\ninstall_url = build_url(qs:install['path'], port:port);\n\n# Versions < 0.8.7f are affected.\nver = split(install['version'], sep:'.', keep:FALSE);\nif (\n (int(ver[0]) == 0) &&\n (\n (int(ver[1]) < 8) ||\n (int(ver[1]) == 8 && ver[2] =~ '^([0-6][a-z]?|7[a-e]?)$')\n )\n)\n{\n set_kb_item(name:'www/'+port+'/SQLInjection', value:TRUE);\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n if (report_verbosity > 0)\n {\n report = '\\n URL : ' + install_url +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 0.8.7e' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\naudit(AUDIT_WEB_APP_NOT_AFFECTED, \"Cacti\", install_url, install['version']);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-01T16:15:09", "bulletinFamily": "exploit", "description": "SQL Injection in Cacti Version. CVE-2010-1431. Webapps exploit for php platform", "modified": "2010-04-22T00:00:00", "published": "2010-04-22T00:00:00", "id": "EDB-ID:12338", "href": "https://www.exploit-db.com/exploits/12338/", "type": "exploitdb", "title": "Cacti <= 0.8.7e - SQL Injection", "sourceData": "CVSSv2 Score: 9 (AV:N/AC:L/Au:S/C:C/I:C/A:C)\r\nA Vulnerability has been discovered in Cacti, which can be exploited by any\r\nuser to conduct SQL Injection attacks.\r\nInput passed via the \u201cexport_item_id\u201d parameter to \u201ctemplates_export.php\u201d\r\nscript is not properly sanitized before being used in a SQL query.\r\nThis can be exploited to manipulate SQL queries by injecting arbitrary SQL\r\ncode.\r\nThe following is a Proof of Concept POST request:\r\nPOST /cacti-0.8.7e/templates_export.php HTTP/1.1\r\nHost: 192.168.1.107\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-us,en;q=0.5\r\nAccept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\nProxy-Connection: keep-alive\r\nReferer: http://192.168.1.107/cacti-0.8.7e/templates_export.php\r\nCookie: Cacti=563bb99868dfa24cc70982bf80c5c03e\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 130\r\nexport_item_id=18 and 1=1&include_deps=on&output_format=3&export_type=graph_template&save_component_export=1&action=save&x=24&y=12\r\n\r\n===========================================================================\r\nDownload:\r\n===========================================================================\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/12338.pdf (Bonsai-SQL_Injection_in_Cacti.pdf)\r\n\r\n\r\n<Bonsai Information Security Advisories>\r\nhttp://www.bonsai-sec.com/en/research/vulnerability.php", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/12338/"}]}
