[Bug 599239] New: VUL-0: cacti: SQL injection in template_export
http://bugzilla.novell.com/show_bug.cgi?id=599239
http://bugzilla.novell.com/show_bug.cgi?id=599239#c0
Summary: VUL-0: cacti: SQL injection in template_export
Classification: openSUSE
Product: openSUSE 11.0
Version: Final
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
AssignedTo: crrodriguez@novell.com
ReportedBy: lnussel@novell.com
QAContact: qa@suse.de
CC: security-team@suse.de
Found By: Other
Blocker: ---
Your friendly security team received the following report via oss-security.
Please respond ASAP.
The issue is public.
------------------------------------------------------------------------------
Date: Fri, 23 Apr 2010 15:35:25 +0200
From: "Thijs Kinkhorst"
A Vulnerability has been discovered in Cacti, which can be exploited by any user to conduct SQL Injection attacks. Input passed via the export_item_id parameter to templates_export.php script is not properly sanitized before being used in a SQL query.
Upstream has issued a patch for this issue:
http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_exportp...
(but no new release yet)

thanks,
Thijs