FreeBSD : cacti -- SQL injection (ca543e06-207a-11d9-814e-0001020eed82)
High Nessus Plugin ID 37124
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionFernando Quintero reports that Cacti 0.8.5a suffers from a SQL injection attack where an attacker can change the password for any Cacti user. This attack is not possible if the PHP option magic_quotes_gpc is set to On, which is the default for PHP in FreeBSD.
SolutionUpdate the affected package.