paul Posted June 16, 2010 Report Share Posted June 16, 2010 A vulnerability has been discovered and corrected in cacti: SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which bypasses the validation routine (CVE-2010-2092). The updated packages have been patched to correct this issue. Link to comment Share on other sites More sharing options...
Recommended Posts