Arch Linux ASA-201602-24 High Severity SQL Injection in Cacti
Feb 28, 2016
•
LinuxSecurity Advisories
1 min read
Topics Covered
The package cacti before version 0.8.8_g-2 is vulnerable to sql injection.
Arch Linux Security Advisory ASA-201602-24 ========================================= Severity: High Date : 2016-02-28 CVE-ID : CVE-2015-8604 CVE-2015-8377 CVE-2015-8369 Package : cacti Type : sql injection Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package cacti before version 0.8.8_g-2 is vulnerable to sql injection. Resolution ========= Upgrade to 0.8.8_g-2. # pacman -Syu "cacti>=0.8.8_g-2" The problem has been fixed upstream in version 0.8.8_g. Workaround ========= None. Description ========== - CVE-2015-8604 (sql injection) SQL injection in graphs_new.php. - CVE-2015-8377 (sql injection) SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php. - CVE-2015-8369 (sql injection) SQL injection in graph.php. Impact ===== A remote attacker is able to get access to the cacti database. References ========= https://www.openwall.com/lists/oss-security/2016/01/04/8 https://bugs.mageia.org/show_bug.cgi?id=17352
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!