Cacti copy_cacti_user.php template_user Variable SQL Injection

high Nessus Plugin ID 23964

Synopsis

The remote web server contains a PHP script that is affected by a SQL injection issue.

Description

The remote host is running Cacti, a web-based, front end to RRDTool for network graphing.

The version of Cacti on the remote host does not properly check whether the 'copy_cacti_user.php' script is being run from a commandline and fails to sanitize user-supplied input before using it in database queries. Provided PHP's 'register_argc_argv' parameter is enabled, which is the default, an attacker can leverage this issue to launch SQL injection attacks against the underlying database and, for example, add arbitrary administrative users.

Solution

Unknown at this time.

Plugin Details

Severity: High

ID: 23964

File Name: cacti_copy_cacti_user_sql_injection.nasl

Version: 1.24

Type: remote

Family: CGI abuses

Published: 1/2/2007

Updated: 9/24/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:the_cacti_group:cacti

Required KB Items: www/cacti

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

BID: 21823