PublicDate: 2006-12-28 21:28:00 UTC
Candidate: CVE-2006-6799
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6799
Description:
 SQL injection vulnerability in Cacti 0.8.6i and earlier, when
 register_argc_argv is enabled, allows remote attackers to execute arbitrary
 SQL commands via the (1) second or (2) third arguments to cmd.php.  NOTE:
 this issue can be leveraged to execute arbitrary commands since the SQL
 query results are later used in the polling_items array and popen function.
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs:
dapper_cacti: released (0.8.6h-1ubuntu3.1)
edgy_cacti: released (0.8.6h-3ubuntu0.1)
feisty_cacti: released (0.8.6i-3)
devel_cacti: released (0.8.6i-3)
upstream_cacti: needs-triage