Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 18 Jul 2015 19:31:21 +0200
From: Alessandro Ghedini <>
Subject: CVE Request: cacti multiple SQL injections


CVE-2015-4634 was assigned for an SQL injection in cacti [0], but according to
the commit fixing it [1] several other SQL injections were also found:

-bug#0002574: SQL Injection Vulnerabilitie in graph items and graph template items

-bug#0002579: SQL Injection Vulnerabilitie in data sources

-bug#0002580: SQL Injection in cdef.php

-bug#0002582: SQL Injection in data_templates.php

-bug#0002583: SQL Injection in graph_templates.php

-bug#0002584: SQL Injection in host_templates.php

Could CVEs be assigned for these issues as well?



Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ