[cacti] missing input sanitising

Bug #173611 reported by disabled.user
Affects: cacti (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone: (none listed)

Bug Description

Binary package hint: cacti

References:
DSA-1418-1 (http://www.debian.org/security/2007/dsa-1418)

Quoting DSA-1418-1:
"It was discovered that Cacti, a tool to monitor systems and networks, performs insufficient input sanitising, which allows SQL injection."

Quoting CVE-2007-6035:
"SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter."

disabled.user (disabled.user-deactivatedaccount) wrote :

Marked as duplicate of bug #164072. Just not my day.
Monday bloody Monday.

description: updated
This report contains Public Security information  
Everyone can see this security related information.