FreeBSD : cacti -- SQL injection (ca543e06-207a-11d9-814e-0001020eed82)

Severity: High (Nessus Plugin ID 37124)

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Fernando Quintero reports that Cacti 0.8.5a is vulnerable to SQL injection that allows an attacker to change the password of any Cacti user. The attack is not possible when the PHP option magic_quotes_gpc is set to On, which is the default for PHP on FreeBSD.

Solution

Update the affected package.

See Also

https://marc.info/?l=full-disclosure&m=109269427427368

http://www.nessus.org/u?8e677f60

Plugin Details

Severity: High

ID: 37124

File Name: freebsd_pkg_ca543e06207a11d9814e0001020eed82.nasl

Version: 1.13

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:cacti, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 10/17/2004

Vulnerability Publication Date: 8/16/2004