FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

cacti -- SQL injection

Affected packages
cacti < 0.8.6

Details

VuXML ID ca543e06-207a-11d9-814e-0001020eed82
Discovery 2004-08-16
Entry 2004-10-17

Fernando Quintero reports that Cacti 0.8.5a is vulnerable to SQL injection that allows an attacker to change the password for any Cacti user. This attack is not possible if the PHP option magic_quotes_gpc is set to On, which is the default for PHP in FreeBSD.

References

Message 1092686621.818.8.camel@mitnick.nadied.org