CVE-2006-6799

Publication date 28 December 2006

Last updated 24 July 2024

Ubuntu priority

SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
cacti	7.04 feisty	Fixed 0.8.6i-3
	6.10 edgy	Fixed 0.8.6h-3ubuntu0.1
	6.06 LTS dapper	Fixed 0.8.6h-1ubuntu3.1

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2006-6799