Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

When viewing graphs, some input variables are not properly checked (SQL injection possible) #3025

Closed
cigamit opened this issue Oct 12, 2019 · 4 comments
Closed

When viewing graphs, some input variables are not properly checked (SQL injection possible) #3025

cigamit opened this issue Oct 12, 2019 · 4 comments
Labels
bug Undesired behaviour resolved A fixed issue SECURITY A security issue reported through CVE
Milestone
v1.2.8

Comments

@cigamit
Copy link
Member

cigamit commented Oct 12, 2019

Describe the bug
As reported by Eldar Marcussen of xen1thLabs there is a SQL injection vulnerability in Cacti's graphs.php.

Expected behavior
Cacti should be not contain SQL vunderabilities
@cigamit cigamit added bug Undesired behaviour SECURITY A security issue reported through CVE labels Oct 12, 2019
@cigamit cigamit added this to the v1.2.8 milestone Oct 12, 2019
@cigamit cigamit added the resolved A fixed issue label Oct 12, 2019
cigamit added a commit that referenced this issue Oct 12, 2019
@cigamit
Resolving Issue #3025
d6dc485 
SQL Injection in graphs.php
@cigamit cigamit closed this as completed Oct 12, 2019
@netniV netniV changed the title SQL Injection in graphs.php When viewing graphs, some input variables are not properly checked (SQL injection possible) Dec 7, 2019
@carnil
Copy link

carnil commented Dec 10, 2019

This was assigned CVE-2019-17357.

@hlef
Copy link

hlef commented Dec 29, 2019
edited

@cigamit do you have instructions for reproducing this issue?

Looking at the source code, I am pretty sure that cacti v0.8.8h from Debian Stretch isn't affected, but I would still like to try reproducing the injection.

@netniV
Copy link
Member

netniV commented Dec 30, 2019

Just look for a similar section of code in the same php file from 0.8.8. If it uses it in the sQL statement without verifying the number is number, it is affected and needs the same patch.

@TheWitness
Copy link
Member

It has no impact to 0.8.x.

@github-actions github-actions bot locked and limited conversation to collaborators Jun 30, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Undesired behaviour resolved A fixed issue SECURITY A security issue reported through CVE
Projects
None yet
Milestone
v1.2.8
Development

No branches or pull requests
5 participants
@carnil @cigamit @TheWitness @hlef @netniV