FreeBSD : cacti -- multiple vulnerabilities (86224a04-26de-11ea-97f2-001a8c5c04b6)
Medium Nessus Plugin ID 132683
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionThe cacti developers reports :
When viewing graphs, some input variables are not properly checked (SQL injection possible).
Multiple instances of lib/functions.php are affected by unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module.
SolutionUpdate the affected package.