Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-3423-1
HistoryDec 16, 2015 - 12:00 a.m.

cacti - security update

2015-12-1600:00:00
Google
osv.dev
3
JSON

Several SQL injection vulnerabilities have been discovered in Cacti, an
RRDTool frontend written in PHP. Specially crafted input can be used by
an attacker in the rra_id value of the graph.php script to execute
arbitrary SQL commands on the database.

For the oldstable distribution (wheezy), this problem has been fixed
in version 0.8.8a+dfsg-5+deb7u7.

For the stable distribution (jessie), this problem has been fixed in
version 0.8.8b+dfsg-8+deb8u3.

For the testing distribution (stretch), this problem has been fixed
in version 0.8.8f+ds1-3.

For the unstable distribution (sid), this problem has been fixed in
version 0.8.8f+ds1-3.

We recommend that you upgrade your cacti packages.

JSON