Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2708

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2014-2708
Last Modified 17 Jul 2014 01:06:17
Published 10 Apr 2014 04:29:21
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-2708

Summary

Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source, (7) local_graph_id, or (8) rra_id parameter.

Vulnerable Systems

Application

  • Cacti 0.8.8b


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1084258

XF - cacti-cve20142708-sql-injection(92278)

BID - 66555

CONFIRM - http://svn.cacti.net/viewvc?view=rev&revision=7439

MLIST - [oss-security] 20140401 CVE request: cacti "bug#0002405: SQL injection in graph_xport.php"

MLIST - [oss-security] 20140403 Re: CVE request: cacti "bug#0002405: SQL injection in graph_xport.php"

CONFIRM - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768

SECUNIA - 57647

FEDORA - FEDORA-2014-4892

FEDORA - FEDORA-2014-4928

CONFIRM - http://bugs.cacti.net/view.php?id=2405

DEBIAN - DSA-2970

SECUNIA - 59203


Last Updated: 27 May 2016 11:05:10