oss-sec mailing list archives

Re: please assign CVE for cacti bug 2667: SQL Injection Vulnerability

From: cve-assign () mitre org
Date: Tue, 15 Mar 2016 19:40:36 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

http://bugs.cacti.net/view.php?id=2667

case TREE_ITEM_TYPE_HEADER:

where id=" . $_GET["parent_id"]);

POC && EXP
/tree.php?action=item_edit&tree_id=2&parent_id=8%20and%20sleep(1)

tree.php

+  input_validate_input_number(get_request_var("parent_id"));


Use CVE-2016-3172.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJW6J0SAAoJEL54rhJi8gl5wSMQAKCXHxaRSnS5tv4i/uuP5VgQ
SCXTR1VCtGN+L40tk9PTdMZCOQVbztdlWApRJd9pQByKHL1uCO1msyR7JowOsMFk
7lQGhOT5n1xlaAmEwXzlGGflFU7/CNUNYn8ywR8vTYR8KMCuVTqACGU+KhokzHao
1d9RG/rdTS/n5dPCa/IQfyGq8+eaYM972FrwqWjYHUPRVVF3/AYPwv6bhgdYFUwA
gmy70yIs9OYS+AZskqd1ViYwyqkrvh1A9SH9lM+g5oGVj74bXXqR35iRml86njr8
+cD8hpI9ngcz2J+XYEiQFNr1uTGhPCWHrAgkvEvAp521VFegJN/Lp84It1Nfq80P
URK6fu9FC7K5lEseiIK4rcge3ETcDqi8dSmgRODLtUz5WKOBOfIBRT1oJFOHNH70
FRyjLXSIEGVFb/oL7bkpffsucI4DLq0BpYGGex2wGT+puts6OGKdThKbSWlOxRDJ
vUaWf5XospQa9rdSxOzVk5qh4hXx23v02hS3+rvmoznFHvaOFhMKaBVso1ZA3dSx
MlBVVNBQzVXm+iFr/DgWOilFy5x06KtkmzrImItPJwSANwTr2/txA+z+sdE7liiA
SDP/WUSadyPCBtdylQcq6AS8GH6/I3Wqx5/iz87Ou7UlkUjGXa+LNbPFKRd903/w
dnhgQ7X5YlApn7+ywcfE
=6K3M
-----END PGP SIGNATURE-----

Current thread:

please assign CVE for cacti bug 2667: SQL Injection Vulnerability Paul Gevers (Mar 10)
- Re: please assign CVE for cacti bug 2667: SQL Injection Vulnerability Tim Zingelman (Mar 15)
- Re: please assign CVE for cacti bug 2667: SQL Injection Vulnerability cve-assign (Mar 15)