Summary
This host is running Cacti and is prone to SQL injection vulnerability.
Impact
Successful exploitation will allow remote attackers to access, modify or delete information in the underlying database.
Impact Level: Application.
Solution
Apply the patch from below link,
http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch
*****
NOTE: Ignore this warning, if above mentioned patch is manually applied.
*****
Insight
Input passed to the 'templates_export.php' script via 'export_item_id' is not properly sanitized before being used in a SQL query.
Affected
Cacti version 0.8.7e and prior.
References
Severity
Classification
-
CVE CVE-2010-1431 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities