Cacti is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Information
Planet Technology WSW-2401 0.8.6 g
Cacti Spine 0.8.7g
Cacti Cacti 0.8.7
Cacti Cacti 0.8.6 f
Cacti Cacti 0.8.6 c
Cacti Cacti 0.8.5 a
Cacti Cacti 0.8.5
Cacti Cacti 0.8.4
Cacti Cacti 0.8.3 a
Cacti Cacti 0.8.3
Cacti Cacti 0.8.2 a
Cacti Cacti 0.8.2
Cacti Cacti 0.8.1
Cacti Cacti 0.8
Cacti Cacti 0.6.7
Cacti Cacti 0.8.8d
Cacti Cacti 0.8.8c
Cacti Cacti 0.8.8b
Cacti Cacti 0.8.8a
Cacti Cacti 0.8.8
Cacti Cacti 0.8.7i
Cacti Cacti 0.8.7h
Cacti Cacti 0.8.7g
Cacti Cacti 0.8.7f
Cacti Cacti 0.8.7e
Cacti Cacti 0.8.7d
Cacti Cacti 0.8.7c
Cacti Cacti 0.8.7b
Cacti Cacti 0.8.7a
Cacti Cacti 0.8.6k
Cacti Cacti 0.8.6j
Cacti Cacti 0.8.6i
Cacti Cacti 0.8.6F
Cacti Cacti 0.8.6E
Exploit
An attacker can exploit these issues using a web browser.
References:
- Cacti Homepage (Cacti)
- Re: CVE Request: cacti multiple SQL injections (Alessandro Ghedini)
- bug:0002646: SQL injection in graph.php (bugs.cacti)
- SQL Injection in cdef.php (bugs.cacti)
- SQL Injection in data_templates.php (bugs.cacti)
- SQL Injection in graph_templates.php (bugs.cacti)
- SQL Injection in host_templates.php (bugs.cacti)
- SQL Injection Vulnerabilitie in data sources (bugs.cacti)
- SQL Injection Vulnerabilitie in graph items and graph template items (bugs.cacti)