An SQL injection vulnerability was reported in cacti. Input passed via the 'export_item_id' parameter to the templates_export.php script is not properly sanitized prior to being used in an SQL query. Upstream has provided a patch to correct this issue.
Created cacti tracking bugs for this issue
Affects: fedora-all [bug 585402]
bug 585207 has addressed this in Fedora and EPEL.
This has been assigned CVE-2010-1431.
Direct link to BONSAI-2010-0104 advisory:
This issue has been addressed in the following products:
Red Hat HPC Solution for RHEL 5
Via RHSA-2010:0635 https://rhn.redhat.com/errata/RHSA-2010-0635.html