Vigil@nce: Cacti, SQL injection
April 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An authenticated attacker can use the export_item_id parameter, in
order to inject SQL queries in Cacti.
– Severity: 2/4
– Creation date: 23/04/2010
DESCRIPTION OF THE VULNERABILITY
The templates_export.php script of Cacti exports a template, whose
identifier is indicated in the "export_item_id" variable.
However, this identifier is not filtered before being used in a
SQL query.
An authenticated attacker can therefore use the export_item_id
parameter, in order to inject SQL queries in Cacti. Depending on
the injected query, the attacker can for example alter data.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN