Debian: DSA-4604-1 Moderate: Cacti SQL Injection and Access Flaws
debian
January 19, 2020
Multiple issues have been found in cacti, a server monitoring system, potentially resulting in SQL code execution or information disclosure by authenticated users
Topics Covered
Summary
Multiple issues have been found in cacti, a server monitoring system,
potentially resulting in SQL code execution or information disclosure by
authenticated users.
CVE-2019-16723
Authenticated users may bypass authorization checks for viewing a graph
by submitting requests with modified local_graph_id parameters.
CVE-2019-17357
The graph administration interface insufficiently sanitizes the
template_id parameter, potentially resulting in SQL injection. This
vulnerability might be leveraged by authenticated attackers to perform
unauthorized SQL code execution on the database.
CVE-2019-17358
The sanitize_unserialize_selected_items function (lib/functions.php)
insufficiently sanitizes user input before deserializing it,
potentially resulting in unsafe deserialization of user-controlled
data. This vulnerability might be leveraged by authenticated attackers to influence the program control flow or cause memory corruption.
For the oldstable distribution (stretch...
PREVIOUS 
NEXT Package: cacti
CVE ID: CVE-2019-16723 CVE-2019-17357 CVE-2019-17358
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!