http://bugzilla.novell.com/show_bug.cgi?id=625332

http://bugzilla.novell.com/show_bug.cgi?id=625332#c0

Summary: VUL-0: [Contrib] cacti security issue
Classification: openSUSE
Product: openSUSE 11.3
Version: Final
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Other
AssignedTo: joop.boonen@home.nl
ReportedBy: meissner@novell.com
QAContact: qa@suse.de
Found By: Security Response Team
Blocker: ---

Name: CVE-2010-2092
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2092
Phase: Assigned (20100527)
Category:
Reference: MISC:http://php-security.org/2010/05/13/mops-2010-023-cacti-graph-viewer-sql-inje...
Reference: CONFIRM:http://www.cacti.net/changelog.php
Reference: DEBIAN:DSA-2060
Reference: URL:http://www.debian.org/security/2010/dsa-2060

SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier
allows remote attackers to execute arbitrary SQL commands via the rra_id
parameter in a GET request in conjunction with a valid rra_id value in a
POST request or a cookie, which bypasses the validation routine.
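
The following model is an added illustration, not Cacti's code and not part of the original bug report. It shows the validate-one-source, use-another mismatch the CVE text describes, a corrected flow that validates and uses the same value, and a check for requests that send one parameter through several sources with differing values. The function names, the merge order (cookie over POST over GET) and the sample request are assumptions constructed for the example.

```python
import re
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

PARAM = "rra_id"

def sources(query, body="", cookie=""):
    """Map each parameter name to the value every request source supplies."""
    seen = {}
    for origin, pairs in (("GET", parse_qs(query)), ("POST", parse_qs(body))):
        for name, values in pairs.items():
            seen.setdefault(name, {})[origin] = values[-1]
    for name, morsel in SimpleCookie(cookie).items():
        seen.setdefault(name, {})["COOKIE"] = morsel.value
    return seen

def merged(per_source):
    """Assumed merge order: a cookie overrides POST, which overrides GET."""
    for origin in ("COOKIE", "POST", "GET"):
        if origin in per_source:
            return per_source[origin]
    return ""

def checked(value):
    """Accept ASCII digits only, the check a numeric id needs."""
    if not re.fullmatch(r"[0-9]+", value):
        raise ValueError("rra_id is not numeric")
    return value

def flawed_flow(query, body="", cookie=""):
    """Validates the merged value but returns the GET value for the query."""
    per_source = sources(query, body, cookie).get(PARAM, {})
    checked(merged(per_source))
    return per_source.get("GET")  # unvalidated text would reach the SQL string

def fixed_flow(query, body="", cookie=""):
    """Reads the value once, validates it, and returns an int to bind."""
    per_source = sources(query, body, cookie).get(PARAM, {})
    return int(checked(merged(per_source)))

def conflicting_params(query, body="", cookie=""):
    """Detection: names sent by several sources with differing values."""
    found = sources(query, body, cookie)
    return sorted(n for n, s in found.items() if len(set(s.values())) > 1)

# Constructed request: harmless non-numeric text in GET, a valid id in POST.
QUERY = "rra_id=not-a-number"
if __name__ == "__main__":
    print(flawed_flow(QUERY, body="rra_id=1"))
    print(fixed_flow(QUERY, body="rra_id=1"))
    print(conflicting_params(QUERY, body="rra_id=1"))
```

The integer returned by `fixed_flow` is meant to be passed to the database as a bound parameter rather than concatenated into the statement.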