Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2011-4824
Last Modified: 27 Oct 2012 11:37:31
Published: 14 Dec 2011 10:57:34
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-4824

Summary

SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h allows remote attackers to execute arbitrary SQL commands via the login_username parameter.

Vulnerable Systems

Application

  • Cacti 0.5

  • Cacti 0.6

  • Cacti 0.6.1

  • Cacti 0.6.2

  • Cacti 0.6.3

  • Cacti 0.6.4

  • Cacti 0.6.5

  • Cacti 0.6.6

  • Cacti 0.6.7

  • Cacti 0.6.8

  • Cacti 0.6.8a

  • Cacti 0.8

  • Cacti 0.8.1

  • Cacti 0.8.2

  • Cacti 0.8.2a

  • Cacti 0.8.3

  • Cacti 0.8.3a

  • Cacti 0.8.4

  • Cacti 0.8.5

  • Cacti 0.8.5a

  • Cacti 0.8.6

  • Cacti 0.8.6a

  • Cacti 0.8.6b

  • Cacti 0.8.6c

  • Cacti 0.8.6d

  • Cacti 0.8.6f

  • Cacti 0.8.6g

  • Cacti 0.8.6h

  • Cacti 0.8.6i

  • Cacti 0.8.6j

  • Cacti 0.8.6k

  • Cacti 0.8.7

  • Cacti 0.8.7a

  • Cacti 0.8.7b

  • Cacti 0.8.7c

  • Cacti 0.8.7d

  • Cacti 0.8.7e

  • Cacti 0.8.7g


References

XF - cacti-unspecified-sql-injection(71326)

BID - 50671

CONFIRM - http://www.cacti.net/release_notes_0_8_7h.php

CONFIRM - http://svn.cacti.net/viewvc?view=rev&revision=6807

SECUNIA - 46876

SECUNIA - 44133

FEDORA - FEDORA-2011-15071

FEDORA - FEDORA-2011-15110

FEDORA - FEDORA-2011-15032

CONFIRM - http://forums.cacti.net/viewtopic.php?f=21&t=44116

CONFIRM - http://bugs.cacti.net/view.php?id=2062


Last Updated: 27 May 2016 10:57:16