FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

cacti -- SQL Injection was possible due to incorrect validation order

Affected packages
1.2	<=	cacti	<	1.2.17

Details

VuXML ID	e4cd0b38-c9f9-11eb-87e1-08002750c711
Discovery	2020-12-24
Entry	2021-06-10
Modified	2021-06-24

Cati team reports:

Due to a lack of validation, data_debug.php can be the source of a SQL injection.

[source]

References

CVE Name	CVE-2020-35701
URL	https://github.com/Cacti/cacti/issues/4022

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.