Cacti Superlinks plug-in 1.4-2 SQL Injection Vulnerability
Release date:
Updated on:
Affected Systems:
Cacti superlinks 1.4-2
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2014-4644
Cacti is a round-robin database (RRD) tool that helps you create graph images from database information. Versions are available for multiple Linux distributions. The superlinks plug-in lets users who are not plug-in developers extend the Cacti UI easily.
In Cacti superlinks plug-in 1.4-2, superlinks.php contains a SQL injection vulnerability that allows remote attackers to execute SQL commands through the id parameter.
<* Source: Greek Hacking Scene
Link: http://www.exploit-db.com/exploits/33809/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cacti
-----
The vendor has not yet released a patch or upgrade for this issue. Users of the software should watch the vendor's homepage for the latest version:
http://docs.cacti.net/plugin:superlinks
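
With no vendor patch available, one way to spot attempts against the id parameter is to review web server access logs for superlinks.php requests whose id is not a plain integer. The following is an added example, not code from this advisory or from Cacti; it assumes that a legitimate id is a numeric identifier and that logs use the common/combined format, and the sample log lines and URL paths are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line of a common/combined access-log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INTEGER_RE = re.compile(r"[0-9]+")  # assumption: a legitimate id is a plain integer

def suspicious_id_values(log_line):
    """Return id values of a superlinks.php request that are not plain integers."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    target = urlsplit(match.group(1))
    if not target.path.lower().endswith("/superlinks.php"):
        return []
    # parse_qs percent-decodes each value; blank values are kept so "id=" is seen.
    values = parse_qs(target.query, keep_blank_values=True).get("id", [])
    return [v for v in values if not INTEGER_RE.fullmatch(v)]

def scan(lines):
    """Return (client_address, bad_values) for every flagged log line."""
    hits = []
    for line in lines:
        bad = suspicious_id_values(line)
        if bad:
            hits.append((line.split(" ", 1)[0], bad))
    return hits

# Constructed sample entries (documentation addresses, made-up paths and sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2014:10:00:01 +0000] "GET /cacti/plugins/superlinks/superlinks.php?id=3 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jul/2014:10:00:05 +0000] "GET /cacti/plugins/superlinks/superlinks.php?id=3%27 HTTP/1.1" 200 312',
    '192.0.2.44 - - [01/Jul/2014:10:00:09 +0000] "GET /cacti/plugins/superlinks/superlinks.php?id=3%20AND%201%3D1 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jul/2014:10:00:12 +0000] "GET /cacti/graph_view.php?id=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    # Only query strings are visible in access logs; POST bodies are not covered.
    for client, bad in scan(SAMPLE_LOG):
        print(f"{client}: non-integer id value(s) {bad}")
```
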