CVE 2010-1645
Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph Template.
Related bugs and status
CVE-2010-1645 (Candidate) is related to these bugs:
Bug #599892: [Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 599892 | [Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092 | cacti (Ubuntu) | Medium | Invalid | ||
| 599892 | [Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092 | cacti (Ubuntu Hardy) | Undecided | Won't Fix | ||
| 599892 | [Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092 | cacti (Ubuntu Jaunty) | Undecided | Won't Fix | ||
| 599892 | [Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092 | cacti (Ubuntu Lucid) | Undecided | Fix Released | ||
| 599892 | [Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092 | cacti (Ubuntu Karmic) | Undecided | Won't Fix | ||
| 599892 | [Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092 | cacti (Ubuntu Maverick) | Medium | Invalid | ||
Bug #606663: [SECURITY] various fixes in cacti 0.8.7f and 0.8.7g
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 606663 | [SECURITY] various fixes in cacti 0.8.7f and 0.8.7g | cacti (Ubuntu) | Undecided | New | ||
Bug #906773: CVE-2011-4824 SQL injection issue in auth_login.php
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 906773 | CVE-2011-4824 SQL injection issue in auth_login.php | cacti (Ubuntu) | Medium | Fix Released | ||
| 906773 | CVE-2011-4824 SQL injection issue in auth_login.php | cacti (Debian) | Unknown | Fix Released | ||
| 906773 | CVE-2011-4824 SQL injection issue in auth_login.php | cacti (Ubuntu Lucid) | Medium | Fix Released | ||
| 906773 | CVE-2011-4824 SQL injection issue in auth_login.php | cacti (Ubuntu Maverick) | Medium | Fix Released | ||
| 906773 | CVE-2011-4824 SQL injection issue in auth_login.php | cacti (Ubuntu Natty) | Medium | Fix Released | ||
| 906773 | CVE-2011-4824 SQL injection issue in auth_login.php | cacti (Ubuntu Precise) | Medium | Fix Released | ||
| 906773 | CVE-2011-4824 SQL injection issue in auth_login.php | cacti (Ubuntu Oneiric) | Medium | Fix Released | ||
Bug #914746: cacti SNMP verbose query PHP error
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 914746 | cacti SNMP verbose query PHP error | cacti (Ubuntu) | Undecided | Fix Released | ||
| 914746 | cacti SNMP verbose query PHP error | cacti (Debian) | Unknown | Fix Released | ||
| 914746 | cacti SNMP verbose query PHP error | Cacti | Undecided | Fix Released | ||
| 914746 | cacti SNMP verbose query PHP error | cacti (Ubuntu Lucid) | Undecided | Fix Released | ||
| 914746 | cacti SNMP verbose query PHP error | cacti (Ubuntu Natty) | Undecided | Invalid | ||
| 914746 | cacti SNMP verbose query PHP error | cacti (Ubuntu Oneiric) | Undecided | Invalid | ||
See the 
CVE page on Mitre.org
for more details.
