FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2010-1431

This CVE name corresponds to:

Entered     Topic
2010-04-24  cacti -- SQL injection and command execution vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2010-1431
Phase  Assigned (20100415)

Description

SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter.

References

Source    Reference
FULLDISC  20100421 Bonsai Information Security - SQL Injection in Cacti <= 0.8.7e
MISC      http://www.exploit-db.com/sploits/Bonsai-SQL_Injection_in_Cacti.pdf
CONFIRM   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578909
CONFIRM   http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch
DEBIAN    DSA-2039
MANDRIVA  MDVSA-2010:092
REDHAT    RHSA-2010:0635
SUSE      SUSE-SR:2010:011
BID       39653
SECUNIA   39568
SECUNIA   39572
SECUNIA   41041
VUPEN     ADV-2010-0986
VUPEN     ADV-2010-1107
VUPEN     ADV-2010-2132