CVE-2006-6799

by Fred · 28/12/2006

SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function.

Date published : 2006-12-28

http://www.securityfocus.com/bid/21799

http://www.securityfocus.com/archive/1/457290/100/0/threaded

CVE-2006-6799

Similar

Recent Posts

Categories

CVE-2006-6799

Share this:

Similar

Recent Posts

Categories

Tags