Cacti "export_item_id" Parameter SQL Injection

Friday, May 7, 2010


Cacti is a web-based frontend application for RRDTool (round-robin database tool). RRDTool is used to handle time series data such as network bandwidth, temperatures, and CPU load. Cacti is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data passed in the "export_item_id" parameter of the "templates_export.php" script before using that data in an SQL query. Cacti versions 0.8.7e and earlier are affected.

Ref: http://www.exploit-db.com/sploits/Bonsai-SQL_Injection_in_Cacti.pdf

10.18.65 - CVE: Not Available
Platform: Web Application - SQL Injection
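
The class of fix for a numeric request parameter such as "export_item_id" is strict integer validation followed by a bound query parameter. The PHP below is an added example, not Cacti's code or its actual patch; the function names, the `export_templates` table and the in-memory SQLite database (which needs the pdo_sqlite extension) are hypothetical stand-ins.

```php
<?php
declare(strict_types=1);

// Unsafe pattern of the kind the advisory describes: the raw request value is
// concatenated into the SQL text, so its content becomes part of the statement.
//   $sql = "SELECT name FROM export_templates WHERE id = " . $_POST['export_item_id'];

// Hypothetical helper: accept only a plain decimal integer.
function parse_export_item_id($raw): ?int
{
    // Rejects arrays, empty strings, signs, whitespace and any SQL fragment.
    if (!is_string($raw) || !preg_match('/\A[0-9]{1,9}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

// Hypothetical lookup: validated id, then a prepared statement with a typed bind.
function fetch_template_name(PDO $db, $raw): ?string
{
    $id = parse_export_item_id($raw);
    if ($id === null) {
        return null; // refuse the request instead of querying
    }
    $stmt = $db->prepare('SELECT name FROM export_templates WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();
    return $name === false ? null : (string) $name;
}

// Constructed sample data (not taken from a real Cacti install).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE export_templates (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO export_templates VALUES (7, 'Interface - Traffic')");

// Constructed inputs: one valid id, then values the validator must refuse.
foreach (['7', '7 OR 1=1', '', '-1', ['7']] as $input) {
    $result = fetch_template_name($db, $input);
    printf("%-12s => %s\n", json_encode($input), $result ?? 'rejected or not found');
}
```

Only the first input returns a row; every other value is refused before any SQL is executed.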
