FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

cacti -- SQL injection and command execution vulnerabilities

Affected packages
cacti <= 0.8.7e4


VuXML ID 5198ef84-4fdc-11df-83fb-0015587e2cc1
Discovery 2010-04-21
Entry 2010-04-24
Modified 2013-06-16

Bonsai information security reports:

A vulnerability has been discovered in Cacti, which can be exploited by any user to conduct SQL injection attacks. Input passed via the "export_item_id" parameter to the "templates_export.php" script is not properly sanitized before being used in a SQL query.

The same source also reported a command execution vulnerability. This second issue can be exploited by Cacti users who have the rights to modify device or graph configurations.


CVE Name CVE-2010-1431
FreeBSD PR ports/146021