Cacti 'rra_id' Parameter SQL Injection Vulnerability Network Vulnerability

Summary

Cacti is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Cacti versions 0.8.7e and prior are vulnerable.

References

http://cacti.net/
http://www.php-security.org/2010/05/13/mops-2010-023-cacti-graph-viewer-sql-injection-vulnerability/index.html
http://www.securityfocus.com/bid/40149

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2092
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apple Safari RSS Feed Information Disclosure Vulnerability
Awstats Configuration File Remote Arbitrary Command Execution Vulnerability
AudiStat multiple vulnerabilities
Atmail Multiple Unspecified Security Vulnerabilities.
Artifectx xClassified 'catid' SQL Injection Vulnerability

Take action and discover your vulnerabilities