Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in the URL, which causes the get_request_var function to return the wrong value in the $_REQUEST variable, which is cleansed while the original malicious $_GET value remains unmodified, as demonstrated in (1) graph_image.php and (2) graph.php.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: debian
Published: 2005-07-06T04:00:00
Updated: 2017-07-10T14:57:01
Reserved: 2005-07-06T00:00:00
Link: CVE-2005-2148
JSON object: View
NVD Information
Status : Modified
Published: 2005-07-06T04:00:00.000
Modified: 2017-07-11T01:32:46.970
Link: CVE-2005-2148
JSON object: View
Redhat Information
No data.
CWE