[3.3] cacti: SQL injection vulnerability in /cacti/tree.php (CVE-2016-3172)
SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action.
References:
http://bugs.cacti.net/view.php?id=2667
http://www.openwall.com/lists/oss-security/2016/03/10/13
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3172
(from redmine: issue id 5941, created on 2016-07-20, closed on 2016-08-09)
- Relations:
  - parent #5940 (closed)
- Changesets:
  - Revision a32d5ff1 on 2016-08-05T11:55:22Z:
    main/cacti: security fix (CVE-2016-3172). Fixes #5941