Arch Linux: ASA-201605-14 Medium: Cacti Package SQL Injection
May 10, 2016
•
LinuxSecurity Advisories
1 min read
Topics Covered
The package cacti before version 0.8.8_h-1 is vulnerable to sql injection.
Arch Linux Security Advisory ASA-201605-14 ========================================= Severity: Medium Date : 2016-05-10 CVE-ID : CVE-2016-3659 Package : cacti Type : sql injection Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package cacti before version 0.8.8_h-1 is vulnerable to sql injection. Resolution ========= Upgrade to 0.8.8_h-1. # pacman -Syu "cacti>=0.8.8_h-1" The problem has been fixed upstream in version 0.8.8h. Workaround ========= None. Description ========== A SQL injection vulnerability has been found in cacti, in the the host_group_data parameter of the graph_view.php file. Impact ===== A remote authenticated attacker can execute arbitrary SQL command on the affected host. References ========= https://www.cve.org/CVERecord?id=CVE-2016-3659
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!