List: oss-security
Subject: [oss-security] CVE Request: cacti SQL injection in template_export
From: "Thijs Kinkhorst" <thijs () debian ! org>
Date: 2010-04-23 13:35:25
Message-ID: 96642b6e35f857b3b0b4afb1dc23e525.squirrel () wm ! kinkhorst ! nl

Hi,

On Wednesday an SQL injection issue was announced on Full Disclosure by
"Bonsai Information Security":
http://seclists.org/fulldisclosure/2010/Apr/272, quoting:

> A Vulnerability has been discovered in Cacti, which can be exploited by
> any user to conduct SQL Injection attacks. Input passed via the
> “export_item_id” parameter to “templates_export.php” script is not
> properly sanitized before being used in a SQL query.

Upstream has issued a patch for this issue:
http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch
(but no new release yet)

thanks,
Thijs