CVE 2010-2092
SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which causes the POST or cookie value to bypass the validation routine, but inserts the $_GET value into the resulting query.
Related bugs and status
CVE-2010-2092 (Candidate) is related to these bugs:
Bug #542509: apache server configuration
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 542509 | apache server configuration | cacti (Ubuntu) | Undecided | Fix Released | ||
| 542509 | apache server configuration | cacti (Debian) | Unknown | Fix Released | ||
Bug #599892: [Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 599892 | [Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092 | cacti (Ubuntu) | Medium | Invalid | ||
| 599892 | [Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092 | cacti (Ubuntu Hardy) | Undecided | Won't Fix | ||
| 599892 | [Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092 | cacti (Ubuntu Jaunty) | Undecided | Won't Fix | ||
| 599892 | [Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092 | cacti (Ubuntu Lucid) | Undecided | Fix Released | ||
| 599892 | [Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092 | cacti (Ubuntu Karmic) | Undecided | Won't Fix | ||
| 599892 | [Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092 | cacti (Ubuntu Maverick) | Medium | Invalid | ||
Bug #606663: [SECURITY] various fixes in cacti 0.8.7f and 0.8.7g
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 606663 | [SECURITY] various fixes in cacti 0.8.7f and 0.8.7g | cacti (Ubuntu) | Undecided | New | ||
Bug #906773: CVE-2011-4824 SQL injection issue in auth_login.php
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 906773 | CVE-2011-4824 SQL injection issue in auth_login.php | cacti (Ubuntu) | Medium | Fix Released | ||
| 906773 | CVE-2011-4824 SQL injection issue in auth_login.php | cacti (Debian) | Unknown | Fix Released | ||
| 906773 | CVE-2011-4824 SQL injection issue in auth_login.php | cacti (Ubuntu Lucid) | Medium | Fix Released | ||
| 906773 | CVE-2011-4824 SQL injection issue in auth_login.php | cacti (Ubuntu Maverick) | Medium | Fix Released | ||
| 906773 | CVE-2011-4824 SQL injection issue in auth_login.php | cacti (Ubuntu Natty) | Medium | Fix Released | ||
| 906773 | CVE-2011-4824 SQL injection issue in auth_login.php | cacti (Ubuntu Precise) | Medium | Fix Released | ||
| 906773 | CVE-2011-4824 SQL injection issue in auth_login.php | cacti (Ubuntu Oneiric) | Medium | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
