Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2010-1431
Last Modified 15 Feb 2012 11:02:39
Published 04 May 2010 12:00:35
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2010-1431

Summary

SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter.

Vulnerable Systems

Application

  • Cacti 0.5

  • Cacti 0.6

  • Cacti 0.6.1

  • Cacti 0.6.2

  • Cacti 0.6.3

  • Cacti 0.6.4

  • Cacti 0.6.5

  • Cacti 0.6.6

  • Cacti 0.6.7

  • Cacti 0.6.8

  • Cacti 0.6.8a

  • Cacti 0.8

  • Cacti 0.8.1

  • Cacti 0.8.2

  • Cacti 0.8.2a

  • Cacti 0.8.3

  • Cacti 0.8.3a

  • Cacti 0.8.4

  • Cacti 0.8.5

  • Cacti 0.8.5a

  • Cacti 0.8.6

  • Cacti 0.8.6a

  • Cacti 0.8.6b

  • Cacti 0.8.6c

  • Cacti 0.8.6d

  • Cacti 0.8.6f

  • Cacti 0.8.6g

  • Cacti 0.8.6h

  • Cacti 0.8.6i

  • Cacti 0.8.6j

  • Cacti 0.8.6k

  • Cacti 0.8.7

  • Cacti 0.8.7a

  • Cacti 0.8.7b

  • Cacti 0.8.7c

  • Cacti 0.8.7d

  • Cacti 0.8.7e


References

CONFIRM - http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578909

REDHAT - RHSA-2010:0635

VUPEN - ADV-2010-1107

VUPEN - ADV-2010-0986

BID - 39653

MANDRIVA - MDVSA-2010:092

MISC - http://www.exploit-db.com/sploits/Bonsai-SQL_Injection_in_Cacti.pdf

DEBIAN - DSA-2039

SECUNIA - 41041

SECUNIA - 39572

SECUNIA - 39568

FULLDISC - 20100421 Bonsai Information Security - SQL Injection in Cacti <= 0.8.7e

SUSE - SUSE-SR:2010:011

VUPEN - ADV-2010-2132


Last Updated: 27 May 2016 10:58:16