Lucene search

PRIOn knowledge basePRION:CVE-2010-1431

HistoryMay 04, 2010 - 4:00 p.m.

Sql injection

2010-05-0416:00:00

PRIOn knowledge base

www.prio-n.com

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.3%

JSON

SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter.

CPENameOperatorVersion
cactieq0.5
cactieq0.8.6107
cactieq0.8.6100
cactieq0.6.3
cactieq0.8.7
cactieq0.8.597
cactieq0.8.3
cactieq0.6.8
cactieq0.8.2
cactieq0.8.5

Name	Operator	Version
cacti	eq	0.5
cacti	eq	0.8.6107
cacti	eq	0.8.6100
cacti	eq	0.6.3
cacti	eq	0.8.7
cacti	eq	0.8.597
cacti	eq	0.8.3
cacti	eq	0.6.8
cacti	eq	0.8.2
cacti	eq	0.8.5

Rows per page:

1-10 of 371

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=578909

lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html

seclists.org/fulldisclosure/2010/Apr/272

secunia.com/advisories/39568

secunia.com/advisories/39572

secunia.com/advisories/41041

www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch

www.debian.org/security/2010/dsa-2039

www.mandriva.com/security/advisories?name=MDVSA-2010:092

www.securityfocus.com/bid/39653

www.vupen.com/english/advisories/2010/0986

www.vupen.com/english/advisories/2010/1107

www.vupen.com/english/advisories/2010/2132

rhn.redhat.com/errata/RHSA-2010-0635.html

www.exploit-db.com/sploits/Bonsai-SQL_Injection_in_Cacti.pdf

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.3%

JSON

Related for PRION:CVE-2010-1431