cacti: SQL injection vulnerability in /cacti/tree.php (CVE-2016-3172)
SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier
allows remote authenticated users to
execute arbitrary SQL commands via the parent_id parameter in an
item_edit action.
References:
http://bugs.cacti.net/view.php?id=2667
http://www.openwall.com/lists/oss-security/2016/03/10/13
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3172
(from redmine: issue id 5940, created on 2016-07-20, closed on 2016-08-09)
- Relations:
- child #5941 (closed)
- child #5942 (closed)
- child #5943 (closed)