
cacti: SQL injection

Package(s): cacti    CVE #(s): CVE-2010-2092
Created: June 14, 2010    Updated: June 17, 2010
Description: From the Debian advisory:

Stefan Esser discovered that cacti, a front-end to rrdtool for monitoring systems and services, is not properly validating input passed to the rra_id parameter of the graph.php script. Due to checking the input of $_REQUEST but using $_GET input in a query an unauthenticated attacker is able to perform SQL injections via a crafted rra_id $_GET value and an additional valid rra_id $_POST or $_COOKIE value.
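The advisory text describes a check/use mismatch: the value that is validated comes from $_REQUEST, while the value placed in the query comes from $_GET. Because $_REQUEST is a merge of GET, POST and COOKIE data (with later sources overriding earlier ones), a POST or COOKIE value can satisfy the check while the GET value, which is never checked, reaches the database. The following Python model of that pattern, written for this entry and not taken from cacti or the Debian advisory, shows why the flawed check passes and what the hardened form looks like: validate the same variable you use, and bind it as a query parameter instead of interpolating it. The merge order, the table layout and the request values are constructed assumptions for the demonstration.

```python
"""Model of the CVE-2010-2092 check/use mismatch, with a hardened version.

Constructed example: PHP superglobals are modelled as plain dicts and the
database is an in-memory SQLite table; nothing here is cacti's own code.
"""
import re
import sqlite3

# Accept only a string of ASCII digits; this is the kind of check the
# vulnerable code applied to $_REQUEST['rra_id'] (assumed shape).
DIGITS = re.compile(r"[0-9]+")


def php_request(get, post, cookie):
    """Model of PHP's $_REQUEST: GET, POST and COOKIE merged into one dict.

    Assumption: sources are merged in G, P, C order, so a POST or COOKIE
    value with the same name overrides the GET value in the merged view.
    """
    merged = dict(get)
    merged.update(post)
    merged.update(cookie)
    return merged


def vulnerable_query(get, post, cookie):
    """The flawed pattern: check $_REQUEST['rra_id'], use $_GET['rra_id'].

    Returns the SQL text that would be sent to the database, or None when
    the check rejects the request. The mismatch lets an unchecked GET value
    reach the SQL whenever a digits-only POST or COOKIE value accompanies it.
    """
    request = php_request(get, post, cookie)
    if not DIGITS.fullmatch(str(request.get("rra_id", ""))):
        return None
    # The query is built from a different superglobal than the one checked.
    return "SELECT name FROM rra WHERE id = " + str(get.get("rra_id", ""))


def hardened_query(conn, get):
    """Validate the exact variable that is used, then bind it as a parameter.

    Returns the matching rows, or None when rra_id is missing or not a
    non-negative integer. POST and COOKIE values cannot influence the check
    because the function never consults them.
    """
    raw = get.get("rra_id")
    if raw is None or not DIGITS.fullmatch(str(raw)):
        return None
    rra_id = int(raw)
    # Parameter binding keeps the value out of the SQL text entirely.
    return conn.execute("SELECT name FROM rra WHERE id = ?", (rra_id,)).fetchall()


def demo_db():
    """Small constructed table standing in for cacti's rra table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE rra (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO rra VALUES (?, ?)", [(1, "daily"), (2, "weekly")])
    return conn


if __name__ == "__main__":
    # GET alone: the check sees the same value the query uses, so it rejects it.
    print(vulnerable_query({"rra_id": "not a number"}, {}, {}))
    # GET plus a digits-only POST value: the check passes on the POST value,
    # but the unchecked GET value is what lands in the SQL text.
    print(vulnerable_query({"rra_id": "not a number"}, {"rra_id": "1"}, {}))
    # Hardened form: same-source validation plus parameter binding.
    db = demo_db()
    print(hardened_query(db, {"rra_id": "1"}))
    print(hardened_query(db, {"rra_id": "not a number"}))
```

The review heuristic this illustrates is simple: the variable passed to the validator and the variable passed to the query must be the same expression. When they differ (as $_REQUEST versus $_GET here), the check is decorative regardless of how strict the regular expression is; parameter binding then removes the remaining dependence on validation for query safety.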

Alerts:
Debian DSA-2060-1 2010-06-13
Mandriva MDVSA-2010:117 2010-06-16


cacti: SQL injection

Posted Jun 17, 2010 11:19 UTC (Thu) by cortana (subscriber, #24596) [Link]

Good grief. It's 2010, and we're still trying to use regular expressions to filter out 'bad' input, rather than using placeholder parameters in our SQL queries?

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds