[v2.5] cacti: incomplete and incorrect input parsing leads to remote code execution and SQL injection attacks (bug#0002455)
A patch has been released that fixes one more security issue in cacti 0.8.8 and 0.8.9:
http://svn.cacti.net/viewvc?view=rev&revision=7454
References:
https://bugzilla.redhat.com/show\_bug.cgi?id=1127165
(from redmine: issue id 3296, created on 2014-08-15, closed on 2014-08-22)
- Relations:
- parent #3295 (closed)
- Changesets:
- Revision 1121624a by Natanael Copa on 2014-08-21T09:07:24Z:
main/cacti: fix from upstream for incomplete and incorrect input parsing
ref #3295
fixes #3296
http://svn.cacti.net/viewvc?view=rev&revision=7454