PublicDate: 2005-07-06 04:00:00 UTC
Candidate: CVE-2005-2148
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2148
Description: Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in the URL, which causes the get_request_var function to return the wrong value in the $_REQUEST variable, which is cleansed while the original malicious $_GET value remains unmodified, as demonstrated in (1) graph_image.php and (2) graph.php.
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:
Bugs:

dapper_cacti: released (0.8.6h-1ubuntu3.1)
edgy_cacti: released (0.8.6h-3ubuntu0.1)
feisty_cacti: released (0.8.6i-3)
devel_cacti: released (0.8.6i-3)
upstream_cacti: needs-triage