[cacti] missing input sanitising
Bug #173611 reported by
disabled.user
This bug report is a duplicate of:
Bug #164072: [CVE-2007-6035] cacti has a sql injection vulnerability.
Edit
Remove
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cacti (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: cacti
References:
DSA-1418-1 (http://
Quoting DSA-1418-1:
"It was discovered that Cacti, a tool to monitor systems and networks, performs insufficient input sanitising, which allows SQL injection."
Quoting CVE-2007-6035:
"SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter."
CVE References
To post a comment you must log in.
Marked as duplicate of bug #164072. Just not my day.
Monday bloody Monday.