RaXnet Cacti Auth_Login.PHP SQL Injection Vulnerability
2004-09-09 14:53:40 Marketing Dept

Vulnerability Name: RaXnet Cacti Auth_Login.PHP SQL Injection Vulnerability

Published Date: 2004-08-16
Updated Date: 2004-08-23
CVE Number: CVE-MAP-NOMATCH
Bugtraq ID: 10960
Vulnerable:
Gentoo Linux 1.4
Raxnet Cacti 0.5
Raxnet Cacti 0.6
Raxnet Cacti 0.6.1
Raxnet Cacti 0.6.2
Raxnet Cacti 0.6.3
Raxnet Cacti 0.6.4
Raxnet Cacti 0.6.5
Raxnet Cacti 0.6.6
Raxnet Cacti 0.6.7
   + Debian Linux 3.0
Raxnet Cacti 0.6.8 a
Raxnet Cacti 0.6.8
Raxnet Cacti 0.8
Raxnet Cacti 0.8.1
Raxnet Cacti 0.8.2 a
Raxnet Cacti 0.8.2
Raxnet Cacti 0.8.3 a
Raxnet Cacti 0.8.3
Raxnet Cacti 0.8.4
Raxnet Cacti 0.8.5 a
Raxnet Cacti 0.8.5
Not Vulnerable:

Description:
RaXnet Cacti is reportedly affected by a remote SQL injection vulnerability. The issue occurs in the auth_login.php script because the application fails to properly sanitize the user-supplied "username" URI parameter before using it in an SQL query.

It has been demonstrated that an attacker may exploit this vulnerability to bypass the authentication interface used by Cacti.

Vendor Status: No Patch
Solution: Currently we are not aware of any vendor-supplied patches for this issue.
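
The flaw class in the description, shown next to a hardened lookup. This is an added illustration, not Cacti source code and not a vendor fix; the `user_auth` table, its columns, the sample accounts and both function names are hypothetical, and it assumes PHP 7.1+ with the pdo_sqlite extension.

```php
<?php
// Added illustration, not Cacti code. Schema and function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_auth (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');

// Constructed sample accounts; one name legitimately contains a quote character.
$ins = $db->prepare('INSERT INTO user_auth (username, password_hash) VALUES (?, ?)');
$ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);
$ins->execute(["o'brien", password_hash('battery staple', PASSWORD_DEFAULT)]);

// Pattern the advisory describes: request input concatenated into the SQL text,
// so a quote in "username" ends the string literal and alters the statement.
function build_query_unsafe(string $username): string
{
    return "SELECT id FROM user_auth WHERE username = '" . $username . "'";
}

// Hardened form: the username is bound as a parameter and never parsed as SQL;
// the password is verified in PHP rather than inside the query.
function login_safe(PDO $db, string $username, string $password): ?int
{
    if ($username === '' || strlen($username) > 64) {
        return null; // reject empty or oversized input before touching the database
    }
    $stmt = $db->prepare('SELECT id, password_hash FROM user_auth WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null; // same result for unknown user and wrong password
    }
    return (int) $row['id'];
}

// Constructed inputs: valid login, wrong password, and a quoted name handled as data.
$cases = [
    ['admin', 'correct horse'],
    ['admin', 'wrong'],
    ["o'brien", 'battery staple'],
];
foreach ($cases as [$u, $p]) {
    $id = login_safe($db, $u, $p);
    printf("%-10s => %s\n", $u, $id === null ? 'denied' : "user id $id");
}

// The concatenated statement for the same quoted name is no longer the query
// the developer wrote: the literal closes early after "o".
echo build_query_unsafe("o'brien"), "\n";
```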


Editor: Marketing Dept





®2004 Information Security One (China) Ltd. All rights reserved