oss-sec mailing list archives
Re: CVE Request: cacti multiple SQL injections
From: Alessandro Ghedini <alessandro () ghedini me>
Date: Wed, 30 Sep 2015 12:50:31 +0200
On Sat, Jul 18, 2015 at 07:31:21PM +0200, Alessandro Ghedini wrote:
Hi, CVE-2015-4634 was assigned for an SQL injection in cacti [0], but according to the commit fixing it [1] several other SQL injections were also found: -bug#0002574: SQL Injection Vulnerabilitie in graph items and graph template items http://bugs.cacti.net/view.php?id=0002574 -bug#0002579: SQL Injection Vulnerabilitie in data sources http://bugs.cacti.net/view.php?id=0002579 -bug#0002580: SQL Injection in cdef.php http://bugs.cacti.net/view.php?id=0002580 -bug#0002582: SQL Injection in data_templates.php http://bugs.cacti.net/view.php?id=0002582 -bug#0002583: SQL Injection in graph_templates.php http://bugs.cacti.net/view.php?id=0002583 -bug#0002584: SQL Injection in host_templates.php http://bugs.cacti.net/view.php?id=0002584 Could CVEs be assigned for these issues as well? Thanks [0] http://bugs.cacti.net/view.php?id=0002577 [1] http://svn.cacti.net/viewvc?view=rev&revision=7731
Re-ping? Cheers
Attachment:
signature.asc
Description:
Current thread:
- CVE Request: cacti multiple SQL injections Alessandro Ghedini (Jul 18)
- Re: CVE Request: cacti multiple SQL injections Alessandro Ghedini (Aug 05)
- Re: CVE Request: cacti multiple SQL injections Alessandro Ghedini (Sep 30)