Published: 14/02/2008 Updated: 15/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 770

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in Cacti 0.8.7 prior to 0.8.7b and 0.8.6 prior to 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the (1) graph_list parameter to graph_view.php, (2) leaf_id and id parameters to tree.php, (3) local_graph_id parameter to graph_xport.php, and (4) login_username parameter to index.php/login.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cacti cacti 0.8.1
cacti cacti 0.8.2
cacti cacti 0.8.6f
cacti cacti 0.8.6i
cacti cacti 0.6.7
cacti cacti 0.8
cacti cacti 0.8.5a
cacti cacti 0.8.6c
cacti cacti 0.8.3a
cacti cacti 0.8.4
cacti cacti 0.8.5
cacti cacti 0.8.7a
cacti cacti 0.8.2a
cacti cacti 0.8.3
cacti cacti 0.8.6j
cacti cacti 0.8.7

It was discovered that Cacti, a systems and services monitoring frontend, performed insufficient input sanitising, leading to cross site scripting and SQL injection being possible For the stable distribution (etch), this problem has been fixed in version 086i-34 For the unstable distribution (sid), this problem has been fixed in version 087b ...

source: wwwsecurityfocuscom/bid/27749/info Cacti is prone to multiple unspecified input-validation vulnerabilities, including: - Multiple cross-site scripting vulnerabilities - Multiple SQL-injection vulnerabilities - An HTTP response-splitting vulnerability Attackers may exploit these vulnerabilities to influence or misrep ...

source: wwwsecurityfocuscom/bid/27749/info Cacti is prone to multiple unspecified input-validation vulnerabilities, including: - Multiple cross-site scripting vulnerabilities - Multiple SQL-injection vulnerabilities - An HTTP response-splitting vulnerability Attackers may exploit these vulnerabilities to influence or mis ...

source: wwwsecurityfocuscom/bid/27749/info Cacti is prone to multiple unspecified input-validation vulnerabilities, including: - Multiple cross-site scripting vulnerabilities - Multiple SQL-injection vulnerabilities - An HTTP response-splitting vulnerability Attackers may exploit these vulnerabilities to influence or misrepresent how w ...

source: wwwsecurityfocuscom/bid/27749/info Cacti is prone to multiple unspecified input-validation vulnerabilities, including: - Multiple cross-site scripting vulnerabilities - Multiple SQL-injection vulnerabilities - An HTTP response-splitting vulnerability Attackers may exploit these vulnerabilities to influence or misrepres ...

CWE-89 http://www.cacti.net/release_notes_0_8_7b.php http://www.securityfocus.com/bid/27749 http://www.securitytracker.com/id?1019414 http://secunia.com/advisories/28872 http://www.mandriva.com/security/advisories?name=MDVSA-2008:052 https://bugzilla.redhat.com/show_bug.cgi?id=432758 https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00570.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00593.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://secunia.com/advisories/28976 http://secunia.com/advisories/29242 http://security.gentoo.org/glsa/glsa-200803-18.xml http://secunia.com/advisories/29274 http://securityreason.com/securityalert/3657 http://www.debian.org/security/2008/dsa-1569 http://secunia.com/advisories/30045 http://www.vupen.com/english/advisories/2008/0540 http://www.securityfocus.com/archive/1/488018/100/0/threaded http://www.securityfocus.com/archive/1/488013/100/0/threaded https://nvd.nist.gov https://www.debian.org/security/./dsa-1569 https://www.exploit-db.com/exploits/31160/

CVE-2008-0785

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect