
SANS ISC: Cacti remote code and SQL injection vulnerability - SANS Internet Storm Center

Cacti remote code and SQL injection vulnerability
Secunia has published a bulletin regarding vulnerabilities in the popular open-source network management web application Cacti (versions <= 0.8.6i, which is the current version). The vulnerabilities include SQL injection and possible remote code execution. Public proof-of-concept code is available. If you run Cacti, you are urged to read the workarounds in the bulletin until a patch or new version is released.

Secunia bulletin:
Cacti home:

Jim Clausing,  jclausing %% at %% isc dot sans dot org