Cacti SQL Injection Vulnerability (CVE-2015-4342)

Cacti SQL Injection Vulnerability (CVE-2015-4342)
Cacti SQL Injection Vulnerability (CVE-2015-4342)

Release date:
Updated on:

Affected Systems:

Cacti Cacti < 0.8.8d

Description:

CVE (CAN) ID: CVE-2015-4342

Cacti is a database round robin (RRD) tool that helps you create images from database information. It has multiple Linux versions.

In Cacti versions earlier than 0.8.8d, the SQL injection vulnerability exists. Remote attackers can execute arbitrary SQL commands by using cdef id-related vectors.

<* Source: unhex
*>

Suggestion:

Vendor patch:

Cacti
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://bugs.cacti.net/view.php? Id = 2571

Http://www.cacti.net/release_notes_0_8_8d.php

-------------------------------------- Split line --------------------------------------

In RHEL6.4, the Cacti + Spine monitoring host is used to send mail alarms.

Use Cacti + Spine to monitor remote hosts in RHEL6.4

CentOS 5.5 complete installation of Cacti + Spine

Cacti construction document under CentOS 6

Detailed description of Cacti monitoring deployment under RHEL5.9

How to install Cacti in CentOS 6.3

Quick installation and configuration of Cacti in CentOS Linux

-------------------------------------- Split line --------------------------------------

Cacti details: click here
Cacti: click here

This article permanently updates the link address: