CVE-2011-4824

Published: 15 December 2011

SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h allows remote attackers to execute arbitrary SQL commands via the login_username parameter.

Priority

Status

Package	Release	Status
cacti Launchpad, Ubuntu, Debian	hardy	Ignored (end of life)
	lucid	Released (0.8.7e-2ubuntu0.2)
	maverick	Released (0.8.7g-1ubuntu0.1)
	natty	Released (0.8.7g-1ubuntu0.1)
	oneiric	Released (0.8.7g-2.1ubuntu0.1)
	precise	Not vulnerable (0.8.7i-2ubuntu1)
	upstream	Released (0.8.7h)
	Patches: debdiff: https://bugs.launchpad.net/ubuntu/+source/cacti/+bug/906773 upstream: http://svn.cacti.net/viewvc?view=rev&revision=6807

References

https://www.cve.org/CVERecord?id=CVE-2011-4824
NVD
Launchpad
Debian

Bugs

https://bugs.launchpad.net/ubuntu/+source/cacti/+bug/906773
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652371

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›