Cacti < 0.8.8b Command and SQL Injections
High Nessus Network Monitor Plugin ID 8004
Synopsis
A web application hosted on the remote web server is affected by command injection and SQL injection vulnerabilities.
Description
Cacti is a network graphing solution designed to use the power of RRDTool's data storage and graphing functionality. According to its self-reported version number, the version of Cacti hosted on the remote web server is affected by command injection and SQL injection vulnerabilities because the application fails to properly sanitize user-supplied input.
An attacker may be able to leverage these issues to execute arbitrary code as well as access or modify the underlying database for the application.
Solution
Upgrade to Cacti 0.8.8b or later.