Home / vulnerabilitiesPDF  

Cacti SQL Injection / Header Injection

Posted on 10 June 2015
Source : packetstormsecurity.org Link

 

#############################################################################
#
# DBAPPSECURITY LIMITED http://www.dbappsecurity.com.cn/
#
#############################################################################
#
# CVE ID: CVE-2015-4342
# Product: cacti
# Subject: SQL Injection and Location header injection from cdef id
# Author: unhex
# Date: June 9th 2015
#
#############################################################################

The following issue has been RESOLVED.
======================================================================
http://bugs.cacti.net/view.php?id=2571
======================================================================
Reported By: unhex
Assigned To: rony
======================================================================
Project: Cacti
Issue ID: 2571
Category: Database
Reproducibility: always
Severity: feature
Priority: normal
Status: resolved
Resolution: fixed
Fixed in Version: 0.8.8d
======================================================================
Date Submitted: 2015-06-02 23:39 EDT
Last Modified: 2015-06-08 11:51 EDT
======================================================================
Summary: SQL Injection and Location header injection from
cdef id
Description:
I found the security vulnerability.U can receive the attachment.
======================================================================

----------------------------------------------------------------------
(0006864) rony (administrator) - 2015-06-08 11:51
http://bugs.cacti.net/view.php?id=2571#c6864
----------------------------------------------------------------------
Issue resolved.

Issue History
Date Modified Username Field Change
======================================================================
2015-06-02 23:39 unhex New Issue
2015-06-03 02:30 Linegod Status new => assigned
2015-06-03 02:30 Linegod Assigned To => cigamit
2015-06-06 07:26 unhex Note Added: 0006863
2015-06-08 11:48 rony Assigned To cigamit => rony
2015-06-08 11:49 rony Fixed in Version => 0.8.8d
2015-06-08 11:49 rony Summary a security
vulnerability => SQL Injection and Location header injection from cdef id
2015-06-08 11:51 rony Note Added: 0006864
2015-06-08 11:51 rony Status assigned => resolved
2015-06-08 11:51 rony Resolution open => fixed
======================================================================

 

TOP