oss-sec mailing list archives
CVE request: cacti "bug#0002405: SQL injection in graph_xport.php"
From: Murray McAllister <mmcallis () redhat com>
Date: Tue, 01 Apr 2014 18:14:57 +1100
Hi all,

After seeing https://bugs.gentoo.org/show_bug.cgi?id=506356#c1 and trying (unsuccessfully) to find a CVE-2014-2327 fix, I came across this commit:

bug#0002405: SQL injection in graph_xport.php
- Fixed form input validation problems
- Fixed rrd export and graph shell escape issues

http://svn.cacti.net/viewvc/cacti/branches/0.8.8/lib/rrd.php?r1=7437&r2=7439

Can a CVE please be assigned? (I thought it may have been "http://svn.cacti.net/viewvc?view=rev&revision=7393 -> fix_quoting_in_rrd_command_CVE-2013-1435.patch -> CVE-2013-1435" from "[oss-security] CVE request: SQL injection and shell escaping issues in Cacti < 0.8.8b", but it seems like a different/new issue.)

(Have not filed a Red Hat bug)

Cheers,

--
Murray McAllister / Red Hat Security Response Team