CVE 2010-2092
SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which causes the POST or cookie value to bypass the validation routine, but inserts the $_GET value into the resulting query.
Related bugs and status
CVE-2010-2092 (Candidate) is related to these bugs:
Bug #542509: apache server configuration
Bug | Summary | In | Importance | Status
---|---|---|---|---
542509 | apache server configuration | cacti (Ubuntu) | Undecided | Fix Released
542509 | apache server configuration | cacti (Debian) | Unknown | Fix Released
Bug #599892: [Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092
Bug | Summary | In | Importance | Status
---|---|---|---|---
599892 | [Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092 | cacti (Ubuntu) | Medium | Invalid
599892 | [Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092 | cacti (Ubuntu Hardy) | Undecided | Won't Fix
599892 | [Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092 | cacti (Ubuntu Jaunty) | Undecided | Won't Fix
599892 | [Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092 | cacti (Ubuntu Lucid) | Undecided | Fix Released
599892 | [Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092 | cacti (Ubuntu Karmic) | Undecided | Won't Fix
599892 | [Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092 | cacti (Ubuntu Maverick) | Medium | Invalid
Bug #606663: [SECURITY] various fixes in cacti 0.8.7f and 0.8.7g
Bug | Summary | In | Importance | Status
---|---|---|---|---
606663 | [SECURITY] various fixes in cacti 0.8.7f and 0.8.7g | cacti (Ubuntu) | Undecided | New
Bug #906773: CVE-2011-4824 SQL injection issue in auth_login.php
Bug | Summary | In | Importance | Status
---|---|---|---|---
906773 | CVE-2011-4824 SQL injection issue in auth_login.php | cacti (Ubuntu) | Medium | Fix Released
906773 | CVE-2011-4824 SQL injection issue in auth_login.php | cacti (Debian) | Unknown | Fix Released
906773 | CVE-2011-4824 SQL injection issue in auth_login.php | cacti (Ubuntu Lucid) | Medium | Fix Released
906773 | CVE-2011-4824 SQL injection issue in auth_login.php | cacti (Ubuntu Maverick) | Medium | Fix Released
906773 | CVE-2011-4824 SQL injection issue in auth_login.php | cacti (Ubuntu Natty) | Medium | Fix Released
906773 | CVE-2011-4824 SQL injection issue in auth_login.php | cacti (Ubuntu Precise) | Medium | Fix Released
906773 | CVE-2011-4824 SQL injection issue in auth_login.php | cacti (Ubuntu Oneiric) | Medium | Fix Released
See the CVE page on Mitre.org for more details.