First published: Thu May 27 2010(Updated: )
SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which causes the POST or cookie value to bypass the validation routine, but inserts the $_GET value into the resulting query.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Cacti Cacti | =0.5 | |
Cacti Cacti | =0.8.6k | |
Cacti Cacti | =0.8.6d | |
Cacti Cacti | =0.6.3 | |
Cacti Cacti | =0.8.7 | |
Cacti Cacti | =0.8.5a | |
Cacti Cacti | =0.8.3 | |
Cacti Cacti | =0.6.8 | |
Cacti Cacti | =0.8.2 | |
Cacti Cacti | =0.8.5 | |
Cacti Cacti | =0.6.6 | |
Cacti Cacti | =0.8.7d | |
Cacti Cacti | =0.8.7b | |
Cacti Cacti | =0.8.7a | |
Cacti Cacti | =0.6.2 | |
Cacti Cacti | =0.6.5 | |
Cacti Cacti | =0.8.6f | |
Cacti Cacti | =0.8.6g | |
Cacti Cacti | =0.8.6j | |
Cacti Cacti | =0.8.7c | |
Cacti Cacti | =0.6.1 | |
Cacti Cacti | =0.8 | |
Cacti Cacti | =0.8.6a | |
Cacti Cacti | =0.8.6i | |
Cacti Cacti | =0.8.6 | |
Cacti Cacti | =0.6.8a | |
Cacti Cacti | =0.6.7 | |
Cacti Cacti | =0.8.1 | |
Cacti Cacti | =0.8.4 | |
Cacti Cacti | =0.8.6c | |
Cacti Cacti | =0.6.4 | |
Cacti Cacti | =0.8.6b | |
Cacti Cacti | =0.8.2a | |
Cacti Cacti | =0.8.3a | |
Cacti Cacti | =0.8.6h | |
Cacti Cacti | <=0.8.7e | |
Cacti Cacti | =0.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.