cacti: multiple SQL injections (CVE-2015-4634)
CVE-2015-4634 was assigned for an SQL injection in cacti [0], but
according to
the commit fixing it [1] several other SQL injections were also found:
-bug#0002574: SQL Injection Vulnerabilitie in graph items and graph
template items
http://bugs.cacti.net/view.php?id=0002574
-bug#0002579: SQL Injection Vulnerabilitie in data sources
http://bugs.cacti.net/view.php?id=0002579
-bug#0002580: SQL Injection in cdef.php
http://bugs.cacti.net/view.php?id=0002580
-bug#0002582: SQL Injection in data_templates.php
http://bugs.cacti.net/view.php?id=0002582
-bug#0002583: SQL Injection in graph_templates.php
http://bugs.cacti.net/view.php?id=0002583
-bug#0002584: SQL Injection in host_templates.php
http://bugs.cacti.net/view.php?id=0002584
Reference:
http://seclists.org/oss-sec/2015/q3/150
(from redmine: issue id 4478, created on 2015-07-24, closed on 2015-07-31)
- Relations:
- child #4479 (closed)
- child #4480 (closed)
- child #4481 (closed)
- child #4482 (closed)