oss-sec mailing list archives

CVE Request: cacti multiple SQL injections

From: Alessandro Ghedini <alessandro () ghedini me>
Date: Sat, 18 Jul 2015 19:31:21 +0200

Hi,

CVE-2015-4634 was assigned for an SQL injection in cacti [0], but according to
the commit fixing it [1] several other SQL injections were also found:

-bug#0002574: SQL Injection Vulnerabilitie in graph items and graph template items
http://bugs.cacti.net/view.php?id=0002574

-bug#0002579: SQL Injection Vulnerabilitie in data sources
http://bugs.cacti.net/view.php?id=0002579

-bug#0002580: SQL Injection in cdef.php
http://bugs.cacti.net/view.php?id=0002580

-bug#0002582: SQL Injection in data_templates.php
http://bugs.cacti.net/view.php?id=0002582

-bug#0002583: SQL Injection in graph_templates.php
http://bugs.cacti.net/view.php?id=0002583

-bug#0002584: SQL Injection in host_templates.php
http://bugs.cacti.net/view.php?id=0002584

Could CVEs be assigned for these issues as well?

Thanks

[0] http://bugs.cacti.net/view.php?id=0002577
[1] http://svn.cacti.net/viewvc?view=rev&revision=7731

Attachment: signature.asc
Description: Digital signature

Current thread:

CVE Request: cacti multiple SQL injections Alessandro Ghedini (Jul 18)
- Re: CVE Request: cacti multiple SQL injections Alessandro Ghedini (Aug 05)
- Re: CVE Request: cacti multiple SQL injections Alessandro Ghedini (Sep 30)