Gentoo: GLSA-200701-23 High: Cacti Command Execution Risks

January 26, 2007
Gentoo GLSA 200701-23 highlights critical SQL injection and command execution vulnerabilities in Cacti, urging swift action to secure affected systems.
Cacti has three vulnerabilities that could allow shell command execution or SQL injection.

Summary

Gentoo Linux Security Advisory                           GLSA 200701-23
https://security.gentoo.org/

  Severity: High
     Title: Cacti: Command execution and SQL injection
      Date: January 26, 2007
      Bugs: #159278
        ID: 200701-23

Synopsis
========

Cacti has three vulnerabilities that could allow shell command execution or SQL injection.

Background
==========

Cacti is a web-based network graphing and reporting tool.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/cacti      < 0.8.6i-r1                  >= 0.8.6i-r1

Description
===========

rgod discovered that the Cacti cmd.php and copy_cacti_user.php scripts do not properly control access to the command shell, and are remotely accessible by unauthenticated users. This allows ...
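
A defender-side check for the exposure described above, as an added example that is not part of the Gentoo advisory or of Cacti: it scans web-server access logs for HTTP requests to the two scripts the advisory names. The combined log format, the `/cacti/` path prefix and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Scripts the advisory names as reachable by unauthenticated remote users.
FLAGGED_SCRIPTS = {"cmd.php", "copy_cacti_user.php"}

# Apache/nginx "combined" log format (assumed; adjust for a custom LogFormat).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def flagged_requests(lines):
    """Return (ip, timestamp, script, status) for each request to a flagged script."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        # Drop the query string, then decode percent-encoding and fold case
        # so variants such as "CMD%2Ephp" are not missed.
        path = unquote(urlsplit(m["target"]).path).lower()
        # Check every path segment so "/cmd.php/extra" (PATH_INFO) still matches.
        for segment in path.split("/"):
            if segment in FLAGGED_SCRIPTS:
                hits.append((m["ip"], m["ts"], segment, int(m["status"])))
                break
    return hits

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Jan/2007:03:14:01 +0000] "GET /cacti/graph_view.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [27/Jan/2007:03:14:15 +0000] "GET /cacti/cmd.php HTTP/1.1" 200 312 "-" "-"',
    '198.51.100.7 - - [27/Jan/2007:03:14:20 +0000] "GET /cacti/copy_cacti_user.php HTTP/1.1" 200 98 "-" "-"',
    '203.0.113.5 - - [27/Jan/2007:04:00:00 +0000] "GET /cacti/CMD%2Ephp HTTP/1.1" 403 210 "-" "-"',
    '192.0.2.10 - - [27/Jan/2007:04:10:00 +0000] "GET /cacti/mycmd.php HTTP/1.1" 404 180 "-" "-"',
    'malformed line that is not an access-log entry',
]

if __name__ == "__main__":
    for ip, ts, script, status in flagged_requests(SAMPLE_LOG):
        print(f"{ts}  {ip}  requested {script} over HTTP (status {status})")
```

A 200 response to either script from an outside address is the case to triage first; 403 or 404 responses show probing against a host where access is already blocked or the file is absent.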
