DescriptionSQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function.
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
|National Vulnerability Database|
- SUSE-SA:2007:007, published Fri, 12 Jan 2007 15:00:00 +0000
List of released packages
|Product(s)||Fixed package version(s)||References|
|SUSE Package Hub for SUSE Linux Enterprise 12|| ||Patchnames: |
|openSUSE Tumbleweed|| ||Patchnames: |
openSUSE Tumbleweed GA cacti-1.2.18-1.2