VID: 210102
Severity: 40
Port: 80, ...
Protocol: TCP
Class: CGI

Detailed Description:
The Cacti program is vulnerable to SQL injection via the 'login_username' parameter. Cacti is a web-based frontend to RRDTool (Round Robin Database tool) for network graphing, written in PHP. Cacti versions 0.8.7 prior to 0.8.7b and versions 0.8.6 prior to 0.8.6k could allow a remote attacker to execute arbitrary SQL commands, caused by improper validation of user-supplied input passed to the 'login_username' parameter before it is used in the 'auth_login.php' script to perform database queries. Regardless of PHP's 'magic_quotes_gpc' setting, a remote attacker could exploit this vulnerability to pass malicious input to database queries, potentially resulting in data exposure, modification of the query logic, or even data modification or attacks against the database itself. In addition to this flaw, the vulnerable versions reportedly contain several other vulnerabilities.
* References:
  http://forums.cacti.net/about25749.html
  http://www.cacti.net/release_notes_0_8_7b.php
  http://archives.neohapsis.com/archives/bugtraq/2008-02/0162.html
  http://www.securityfocus.com/archive/1/488013/30/0/threaded
  http://www.frsirt.com/english/advisories/2008/0540
  http://secunia.com/advisories/28872
* Platforms Affected:
  The Cacti Group, Cacti versions 0.8.7 prior to 0.8.7b
  The Cacti Group, Cacti versions 0.8.6 prior to 0.8.6k
  Any operating system, any version
Recommendation:
Upgrade to the latest version of Cacti (0.8.7b or 0.8.6k or later), available from the Cacti Download Web page at http://www.cacti.net/download_cacti.php

Related URLs:
  CVE-2008-0785 (CVE)
  27749 (SecurityFocus)
  40452 (ISS)