FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

cacti -- SQL Injection was possible due to incorrect validation order

Affected packages
1.2 <= cacti < 1.2.17

Details

VuXML ID e4cd0b38-c9f9-11eb-87e1-08002750c711
Discovery 2020-12-24
Entry 2021-06-10
Modified 2021-06-24

Cati team reports:

Due to a lack of validation, data_debug.php can be the source of a SQL injection.

References

CVE Name CVE-2020-35701
URL https://github.com/Cacti/cacti/issues/4022