FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

cacti -- multiple vulnerabilities

Affected packages
cacti < 1.2.8

Details

VuXML ID 86224a04-26de-11ea-97f2-001a8c5c04b6
Discovery 2019-10-12
Entry 2020-01-06

The cacti developers report:

When viewing graphs, some input variables are not properly checked (SQL injection possible).

Multiple instances of lib/functions.php are affected by unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module.

References

CVE Name CVE-2019-17357
CVE Name CVE-2019-17358
FreeBSD PR ports/242834
URL https://github.com/Cacti/cacti/releases/tag/release%2F1.2.8