Cacti remote code and SQL injection vulnerability

Published: 2006-12-28
Last Updated: 2006-12-29 04:30:11 UTC
by Jim Clausing (Version: 1)
0 comment(s)
Secunia has published a bulletin regarding vulnerabilities in the popular open-source network management web application, Cacti (versions <= 0.8.6i which is the current version).  The vulnerabilities include SQL injection and possible remote code execution.  There is public proof-of-concept code available.  If you run Cacti, you are urged to read the work-arounds in the bulletin until a patch/new version is released.

Secunia bullentin:
Cacti home:

Jim Clausing,  jclausing %% at %% isc dot sans dot org
0 comment(s)


Diary Archives