CVE-2011-4824 SQL injection issue in auth_login.php
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
cacti (Debian) | Fix Released | Unknown | |
cacti (Ubuntu) | Fix Released | Medium | Unassigned |
Lucid | Fix Released | Medium | Unassigned |
Maverick | Fix Released | Medium | Unassigned |
Natty | Fix Released | Medium | Unassigned |
Oneiric | Fix Released | Medium | Unassigned |
Precise | Fix Released | Medium | Unassigned |
Bug Description
affects ubuntu/cacti
milestone lucid
milestone maverick
milestone natty
milestone oneiric
milestone precise
assignee udienz
status inprogress
security yes
done
Description
SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h
allows remote attackers to execute arbitrary SQL commands via the
login_username parameter.
References
http://
Patch http://
Changed in cacti (Debian):
status: Unknown → Fix Committed

Changed in cacti (Ubuntu Lucid):
status: New → Confirmed
importance: Undecided → Medium

Changed in cacti (Ubuntu Maverick):
status: New → Confirmed
importance: Undecided → Medium

Changed in cacti (Ubuntu Natty):
status: New → Confirmed
importance: Undecided → Medium

Changed in cacti (Ubuntu Oneiric):
status: New → Confirmed
importance: Undecided → Medium

Changed in cacti (Ubuntu Precise):
status: New → Triaged
importance: Undecided → Medium

Changed in cacti (Ubuntu Lucid):
status: Confirmed → Incomplete
assignee: nobody → Mahyuddin Susanto (udienz)

Changed in cacti (Ubuntu Maverick):
status: Confirmed → Incomplete
assignee: nobody → Mahyuddin Susanto (udienz)

Changed in cacti (Ubuntu Natty):
status: Confirmed → Incomplete
assignee: nobody → Mahyuddin Susanto (udienz)

Changed in cacti (Ubuntu Oneiric):
status: Confirmed → Incomplete
assignee: nobody → Mahyuddin Susanto (udienz)

Changed in cacti (Debian):
status: Fix Committed → Fix Released

status new security- sponsors
assignee nobody
private no
subscribe ubuntu-
tag patch
done
On 12/20/2011 03:20 PM, Mahyuddin Susanto wrote:
> ** Bug watch added: Debian Bug tracker #652371
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652371
>
> ** Also affects: cacti (Debian) via
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652371
> Importance: Unknown
> Status: Unknown
>
Attached debdiff for lucid, maverick, natty and oneiric