[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE Request: cacti multiple SQL injections
From: Alessandro Ghedini <alessandro () ghedini ! me>
Date: 2015-09-30 10:50:31
Message-ID: 20150930105031.GA8507 () kronk ! local
[Download RAW message or body]
On Sat, Jul 18, 2015 at 07:31:21PM +0200, Alessandro Ghedini wrote:
> Hi,
>
> CVE-2015-4634 was assigned for an SQL injection in cacti [0], but according to
> the commit fixing it [1] several other SQL injections were also found:
>
> -bug#0002574: SQL Injection Vulnerabilitie in graph items and graph template items
> http://bugs.cacti.net/view.php?id=0002574
>
> -bug#0002579: SQL Injection Vulnerabilitie in data sources
> http://bugs.cacti.net/view.php?id=0002579
>
> -bug#0002580: SQL Injection in cdef.php
> http://bugs.cacti.net/view.php?id=0002580
>
> -bug#0002582: SQL Injection in data_templates.php
> http://bugs.cacti.net/view.php?id=0002582
>
> -bug#0002583: SQL Injection in graph_templates.php
> http://bugs.cacti.net/view.php?id=0002583
>
> -bug#0002584: SQL Injection in host_templates.php
> http://bugs.cacti.net/view.php?id=0002584
>
> Could CVEs be assigned for these issues as well?
>
> Thanks
>
> [0] http://bugs.cacti.net/view.php?id=0002577
> [1] http://svn.cacti.net/viewvc?view=rev&revision=7731
Re-ping?
Cheers
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic