Debian Security Advisory
DLA-278-1 cacti -- LTS security update
- Date Reported:
- 20 Jul 2015
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-4634.
- More information:
Several SQL injection vulnerabilities were discovered in cacti, a frontend to rrdtool for monitoring systems and service:
SQL injection vulnerability in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands in graphs.php
Currently unknown or unassigned CVE's SQL injection vulnerability in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands in cdef.php, color.php, data_input.php, data_queries.php, data_sources.php, data_templates.php, gprint_presets.php, graph_templates.php, graph_templates_items.php, graphs_items.php, host.php, host_templates.php, lib/functions.php, rra.php, tree.php and user_admin.php
For the oldoldstable distribution (squeeze), these problems have been fixed in version 0.8.7g-1+squeeze7.