Cacti copy_cacti_user.php template_user Variable SQL Injection

high Nessus Plugin ID 23964

Language:

Synopsis

The remote web server contains a PHP script that is affected by a SQL injection issue.

Description

The remote host is running Cacti, a web-based, front end to RRDTool for network graphing.

The version of Cacti on the remote host does not properly check whether the 'copy_cacti_user.php' script is being run from a commandline and fails to sanitize user-supplied input before using it in database queries. Provided PHP's 'register_argc_argv' parameter is enabled, which is the default, an attacker can leverage this issue to launch SQL injection attacks against the underlying database and, for example, add arbitrary administrative users.

Solution

Unknown at this time.

Plugin Details

Severity: High

ID: 23964

File Name: cacti_copy_cacti_user_sql_injection.nasl

Version: 1.23

Type: remote

Family: CGI abuses

Published: 1/2/2007

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:the_cacti_group:cacti

Required KB Items: www/cacti

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

BID: 21823

Detections

Analytics