Veracode Vulnerability DatabaseVERACODE:24129SQL Injection
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
cacti is vulnerable to SQL injection. Multiple SQL injection flaws were discovered in Cacti. An unauthenticated, or authenticated user with certain administrative privileges, could use these flaws to execute arbitrary SQL queries.
| CPE | Name | Operator | Version |
|---|---|---|---|
| python-psycopg2 | eq | 2.0.6__1.el5ipa | |
| python-psycopg2 | eq | 2.0.6__1.el5ipa |
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=578909
lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
seclists.org/fulldisclosure/2010/Apr/272
secunia.com/advisories/39568
secunia.com/advisories/39572
secunia.com/advisories/41041
www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch
www.debian.org/security/2010/dsa-2039
www.exploit-db.com/sploits/Bonsai-SQL_Injection_in_Cacti.pdf
www.mandriva.com/security/advisories?name=MDVSA-2010:092
www.redhat.com/security/updates/classification/#important
www.securityfocus.com/bid/39653
www.vupen.com/english/advisories/2010/0986
www.vupen.com/english/advisories/2010/1107
www.vupen.com/english/advisories/2010/2132
access.redhat.com/errata/RHSA-2010:0635
rhn.redhat.com/errata/RHSA-2010-0635.html
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P