CVE-2010-2092
EPSS 0.14%cacti - SQL injection
發布日:2010/5/27修改日:2026/5/27
也稱為:DEBIAN-CVE-2010-2092
描述
SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which causes the POST or cookie value to bypass the validation routine, but inserts the $_GET value into the resulting query.
受影響套件(2)
- Debian/cactifrom 0, < 0.8.7e-4
- Debian/cactifrom 0, < 0.8.7b-2.1+lenny3