oss-sec mailing list archives
CVE Request: cacti SQL injection in template_export
From: "Thijs Kinkhorst" <thijs () debian org>
Date: Fri, 23 Apr 2010 15:35:25 +0200
Hi,

On Wednesday an SQL injection issue was announced on Full Disclosure by "Bonsai Information Security": http://seclists.org/fulldisclosure/2010/Apr/272, quoting:
A Vulnerability has been discovered in Cacti, which can be exploited by any user to conduct SQL Injection attacks. Input passed via the export_item_id parameter to templates_export.php script is not properly sanitized before being used in a SQL query.
Upstream has issued a patch for this issue:
http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch
(but no new release yet)

thanks,
Thijs