netniV changed the title from "SQL Injection in graphs.php" to "When viewing graphs, some input variables are not properly checked (SQL injection possible)" on Dec 7, 2019
@cigamit do you have instructions for reproducing this issue?
Looking at the source code, I am pretty sure that cacti v0.8.8h from Debian Stretch isn't affected, but I would still like to try reproducing the injection.
Just look for a similar section of code in the same php file from 0.8.8. If it uses it in the SQL statement without verifying the number is a number, it is affected and needs the same patch.
Describe the bug
As reported by Eldar Marcussen of xen1thLabs, there is a SQL injection vulnerability in Cacti's graphs.php.
Expected behavior
Cacti should not contain SQL vulnerabilities