Launchpad.net

CVE 2006-6799

SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function.

Related bugs and status

CVE-2006-6799 (Candidate) is related to these bugs:

Bug #78453: cacti remote injection exploit

		In	Importance	Status
78453	cacti remote injection exploit	cacti (Ubuntu)	High	Fix Released
78453	cacti remote injection exploit	cacti (Debian)	Unknown	Fix Released
78453	cacti remote injection exploit	cacti (Ubuntu Edgy)	High	Fix Released
78453	cacti remote injection exploit	cacti (Ubuntu Dapper)	High	Fix Released
78453	cacti remote injection exploit	cacti (Ubuntu Breezy)	High	Invalid

See the

CVE page on Mitre.org for more details.

References

SECUNIA: 23528
OPENPKG: OpenPKG-SA-2007.001
SECTRACK: 1017451
BID: 21799
CONFIRM: http://www.cacti.net/r...
SUSE: SUSE-SA:2007:007
SECUNIA: 23665
DEBIAN: DSA-1250
GENTOO: GLSA-200701-23
SECUNIA: 23917
SECUNIA: 23941
MANDRIVA: MDKSA-2007:015
VUPEN: ADV-2006-5193
XF: cacti-cmd-sql-injectio...
EXPLOIT-DB: 3029
BUGTRAQ: 20070118 Re: FW: [cact...