Mailinglist Archive: opensuse-bugs (4766 mails)

[Bug 599239] New: VUL-0: cacti: SQL injection in template_export
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Fri, 23 Apr 2010 14:14:51 +0000
  • Message-id: <bug-599239-21960@xxxxxxxxxxxxxxxxxxxxxxxx/>

Summary: VUL-0: cacti: SQL injection in template_export
Classification: openSUSE
Product: openSUSE 11.0
Version: Final
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
AssignedTo: crrodriguez@xxxxxxxxxx
ReportedBy: lnussel@xxxxxxxxxx
QAContact: qa@xxxxxxx
CC: security-team@xxxxxxx
Found By: Other
Blocker: ---

Your friendly security team received the following report via oss-security.
Please respond ASAP.
The issue is public.

Date: Fri, 23 Apr 2010 15:35:25 +0200
From: "Thijs Kinkhorst" <thijs@xxxxxxxxxx>
Subject: [oss-security] CVE Request: cacti SQL injection in template_export


On Wednesday an SQL injection issue was announced on Full Disclosure by
"Bonsai Information Security", quoting:
A Vulnerability has been discovered in Cacti, which can be exploited by
any user to conduct SQL Injection attacks. Input passed via the
“export_item_id” parameter to “templates_export.php” script is not
properly sanitized before being used in a SQL query.

Upstream has issued a patch for this issue:
(but no new release yet)

