SQL Injection was possible due to incorrect validation order (CVE-2020-35701) #4022

Closed
TheWitness opened this issue Dec 24, 2020 · 2 comments
Labels
bug Undesired behaviour resolved A fixed issue SECURITY A security issue reported through CVE

@TheWitness
Member

Describe the bug

Due to a lack of validation, data_debug.php can be the source of a SQL injection.

Expected behavior

Cacti should be safe from SQL injections

@TheWitness TheWitness added bug Undesired behaviour SECURITY A security issue reported through CVE labels Dec 24, 2020
@TheWitness TheWitness added this to the v1.2.17 milestone Dec 24, 2020
TheWitness added a commit that referenced this issue Dec 24, 2020
SQL Injection in data_debug.php
@TheWitness TheWitness added the resolved A fixed issue label Dec 24, 2020
@TheWitness
Member Author

TheWitness commented Dec 24, 2020

@paulgevers, @DavidLiedke, @mortenstevens, @ddb4github

FYI. One more already logged. I'll tag you guys on that one too.

@TheWitness
Member Author

@paulgevers, missed you on round one.

@netniV netniV changed the title SQL Injection in data_debug.php SQL Injection vulnerability due to input validation errors when diagnosing datasources (CVE-2020-35701) Jan 4, 2021
@github-actions github-actions bot locked and limited conversation to collaborators Apr 5, 2021
@netniV netniV changed the title SQL Injection vulnerability due to input validation errors when diagnosing datasources (CVE-2020-35701) SQL Injection was possible due to incorrect validation order (CVE-2020-35701) Apr 30, 2021