In association with heise online

21 November 2007, 12:18

SQL injection vulnerability in Cacti network statistics program


An SQL injection vulnerability in the Cacti network statistics program can be exploited by attackers to pass their own commands to the underlying database. It may be possible to exploit this to view protected content or manipulate content. The cause is the failure to filter the local_graph_id parameter in the graph.php script. Updating to version 0.8.7a should fix the problem.
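
The missing filter on a numeric request parameter such as local_graph_id, shown beside a hardened lookup. This is an added example, not Cacti's code. The in-memory SQLite database, the demo_graphs table, the function names and the request values are all constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in table and rows; not Cacti's real schema.
function demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE demo_graphs (id INTEGER PRIMARY KEY, title TEXT)');
    $db->exec("INSERT INTO demo_graphs (id, title) VALUES (1, 'eth0 traffic'), (2, 'cpu load')");
    return $db;
}

// Unfiltered pattern: the request value becomes part of the SQL text itself.
// Only the string is built here, so the change in query structure is visible.
function build_query_unfiltered(string $raw): string
{
    return 'SELECT title FROM demo_graphs WHERE id = ' . $raw;
}

// Filter step: accept only a positive decimal integer, reject everything else.
function parse_graph_id(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Hardened lookup: validated integer plus a bound parameter.
function fetch_graph_title(PDO $db, string $raw): ?string
{
    $id = parse_graph_id($raw);
    if ($id === null) {
        return null; // caller should answer with HTTP 400 and log the request
    }
    $stmt = $db->prepare('SELECT title FROM demo_graphs WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $title = $stmt->fetchColumn();
    return $title === false ? null : (string) $title;
}

$db = demo_db();
foreach (['2', '2 OR 1=1', '-1', ''] as $raw) { // constructed request values
    printf("%-12s unfiltered SQL: %s\n", var_export($raw, true), build_query_unfiltered($raw));
    printf("%-12s hardened result: %s\n", '', var_export(fetch_graph_title($db, $raw), true));
}
```

Only the value '2' returns a row from the hardened lookup. The other three values are rejected before any SQL is prepared.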
