Debian Security Advisory 1250-1 - It was discovered that cacti, a frontend to rrdtool, performs insufficient validation of data passed to the "cmd" script, which allows SQL injection and the execution of arbitrary shell commands.
9e1b65a02f6fa7168534a398fa4d538e036279dcecc7da7340d931fc85afb9eeMandriva Linux Security Advisory - SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the second or third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function.
4180b3cd621c2af8f68cb6c5a6db1d83b0ba017cc150b6ba8ebb8560e34ecd00
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed