Summary
This host is running Cacti and is prone to an SQL injection vulnerability.
Impact
Successful exploitation will allow remote attackers to access, modify or delete information in the underlying database.
Impact Level: Application.
Solution
Apply the patch from the link below:
http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch
*****
NOTE: Ignore this warning if the above-mentioned patch has already been applied manually.
*****
Insight
Input passed to the 'templates_export.php' script via the 'export_item_id' parameter is not properly sanitized before being used in an SQL query.
Affected
Cacti version 0.8.7e and prior.
References
Severity
Classification
- CVE: CVE-2010-1431
- CVSS Base Score: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P