Secunia
Login
|
|
CVE Reference: CVE-2006-6799 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-6799 |
|
|
Description: SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/31177 SUSE http://www.novell.com/linux/security/advisories/2007_07_cacti.html ST 1017451 SAID Secunia Advisory: SA23528 Secunia Advisory: SA23665 Secunia Advisory: SA23917 Secunia Advisory: SA23941 OPENPKG http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.001.html MISC http://www.milw0rm.com/exploits/3029 MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:015 GENTOO http://security.gentoo.org/glsa/glsa-200701-23.xml DEBIAN http://www.debian.org/security/2007/dsa-1250 CONFIRM http://www.cacti.net/release_notes_0_8_6j.php BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/457290/100/0/threaded BID 21799 |
|
| Return to the previous page. |
