Cacti Multiple Input Validation Vulnerabilities Network Vulnerability

Summary

Cacti is prone to multiple unspecified input-validation vulnerabilities, including: - Multiple cross-site scripting vulnerabilities - Multiple SQL-injection vulnerabilities - An HTTP response-splitting vulnerability. Attackers may exploit these vulnerabilities to influence or misrepresent how web content is served, cached, or interpreted, to compromise the application, to access or modify data, to exploit vulnerabilities in the underlying database, or to execute arbitrary script code in the browser of an unsuspecting user. These issues affect Cacti 0.8.7a and prior versions.

Solution

Updates are available. Please see http://cacti.net/ for more information.

References

http://www.securityfocus.com/bid/27749

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-0783, CVE-2008-0784, CVE-2008-0785, CVE-2008-0786
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AlienVault OSSIM SQL Injection and Remote Code Execution Vulnerabilities
Apple Safari PDF Javascript Security Bypass Bypass Vulnerability
Apache Solr XML External Entity(XXE) Vulnerability-02 Jan-14
Assesi 'bg' Parameter SQL Injection vulnerability
b2Evolution title SQL Injection

Take action and discover your vulnerabilities