[v2.6] cacti: incomplete and incorrect input parsing leads to remote code execution and SQL injection attacks (bug#0002455)
A patch has been released that fixes one more security issue in cacti 0.8.8 and 0.8.9:
http://svn.cacti.net/viewvc?view=rev&revision=7454
References:
https://bugzilla.redhat.com/show\_bug.cgi?id=1127165
(from redmine: issue id 3297, created on 2014-08-15, closed on 2014-08-22)
- Relations:
- parent #3295 (closed)
- Changesets:
- Revision 36c2984e by Natanael Copa on 2014-08-21T09:03:00Z:
main/cacti: fix from upstream for incomplete and incorrect input parsing
ref #3295
fixes #3297
http://svn.cacti.net/viewvc?view=rev&revision=7454