oss-sec mailing list archives
Re: please assign CVE for cacti bug 2667: SQL Injection Vulnerability
From: cve-assign () mitre org
Date: Tue, 15 Mar 2016 19:40:36 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
http://bugs.cacti.net/view.php?id=2667 case TREE_ITEM_TYPE_HEADER: where id=" . $_GET["parent_id"]);
POC && EXP /tree.php?action=item_edit&tree_id=2&parent_id=8%20and%20sleep(1)
tree.php + input_validate_input_number(get_request_var("parent_id"));
Use CVE-2016-3172. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJW6J0SAAoJEL54rhJi8gl5wSMQAKCXHxaRSnS5tv4i/uuP5VgQ SCXTR1VCtGN+L40tk9PTdMZCOQVbztdlWApRJd9pQByKHL1uCO1msyR7JowOsMFk 7lQGhOT5n1xlaAmEwXzlGGflFU7/CNUNYn8ywR8vTYR8KMCuVTqACGU+KhokzHao 1d9RG/rdTS/n5dPCa/IQfyGq8+eaYM972FrwqWjYHUPRVVF3/AYPwv6bhgdYFUwA gmy70yIs9OYS+AZskqd1ViYwyqkrvh1A9SH9lM+g5oGVj74bXXqR35iRml86njr8 +cD8hpI9ngcz2J+XYEiQFNr1uTGhPCWHrAgkvEvAp521VFegJN/Lp84It1Nfq80P URK6fu9FC7K5lEseiIK4rcge3ETcDqi8dSmgRODLtUz5WKOBOfIBRT1oJFOHNH70 FRyjLXSIEGVFb/oL7bkpffsucI4DLq0BpYGGex2wGT+puts6OGKdThKbSWlOxRDJ vUaWf5XospQa9rdSxOzVk5qh4hXx23v02hS3+rvmoznFHvaOFhMKaBVso1ZA3dSx MlBVVNBQzVXm+iFr/DgWOilFy5x06KtkmzrImItPJwSANwTr2/txA+z+sdE7liiA SDP/WUSadyPCBtdylQcq6AS8GH6/I3Wqx5/iz87Ou7UlkUjGXa+LNbPFKRd903/w dnhgQ7X5YlApn7+ywcfE =6K3M -----END PGP SIGNATURE-----
Current thread:
- please assign CVE for cacti bug 2667: SQL Injection Vulnerability Paul Gevers (Mar 10)
- Re: please assign CVE for cacti bug 2667: SQL Injection Vulnerability Tim Zingelman (Mar 15)
- Re: please assign CVE for cacti bug 2667: SQL Injection Vulnerability cve-assign (Mar 15)