FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

cacti -- SQL injection

Affected packages
cacti < 0.8.6


VuXML ID ca543e06-207a-11d9-814e-0001020eed82
Discovery 2004-08-16
Entry 2004-10-17

Fernando Quintero reports that Cacti 0.8.5a suffers from a SQL injection attack where an attacker can change the password for any Cacti user. This attack is not possible if the PHP option magic_quotes_gpc is set to On, which is the default for PHP in FreeBSD.