
Cacti Multiple SQL Injection Vulnerabilities -01 April16 (Windows) CVE-2016-3172, CVE-2016-3659

Severity
CVSSv3 Score: 8.8
Vulnerability description

Cacti is prone to multiple SQL injection vulnerabilities.

Risk description

Multiple flaws exist due to:
- Insufficient validation of user-supplied input passed via the HTTP GET parameter parent_id to the tree.php script.
- Insufficient validation of user-supplied input passed via the HTTP POST parameter host_group_data to the graph_view.php script.

Successful exploitation will allow a remote attacker to execute arbitrary SQL commands.

Recommendation

Update to 0.8.8h or a higher version.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Apr 12, 2016
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available