Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 01 Apr 2014 18:14:57 +1100
From: Murray McAllister <>
Subject: CVE request: cacti "bug#0002405: SQL injection in graph_xport.php"

Hi all,

After seeing and 
trying (unsuccessfully) to find a CVE-2014-2327 fix, I came across this 

bug#0002405: SQL injection in graph_xport.php

  - Fixed form input validation problems
  - Fixed rrd export and graph shell escape issues

Can a CVE please be assigned? (I thought it may have been 
" -> 
fix_quoting_in_rrd_command_CVE-2013-1435.patch -> CVE-2013-1435" from 
"[oss-security] CVE request: SQL injection and shell escaping issues in 
Cacti < 0.8.8b", but it seems like a different/new issue.)

(Have not filed a Red Hat bug)


Murray McAllister / Red Hat Security Response Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ