Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 18 Jul 2015 19:31:21 +0200
From: Alessandro Ghedini <>
Subject: CVE Request: cacti multiple SQL injections


CVE-2015-4634 was assigned for an SQL injection in cacti [0], but according to
the commit fixing it [1] several other SQL injections were also found:

-bug#0002574: SQL Injection Vulnerabilitie in graph items and graph template items

-bug#0002579: SQL Injection Vulnerabilitie in data sources

-bug#0002580: SQL Injection in cdef.php

-bug#0002582: SQL Injection in data_templates.php

-bug#0002583: SQL Injection in graph_templates.php

-bug#0002584: SQL Injection in host_templates.php

Could CVEs be assigned for these issues as well?



Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.