An SQL injection vulnerability was reported in cacti [1]. Input passed via the 'export_item_id' parameter to the templates_export.php script is not properly sanitized prior to being used in an SQL query. Upstream has provided a patch to correct this issue [2]. [1] http://seclists.org/fulldisclosure/2010/Apr/272 [2] http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch
Created cacti tracking bugs for this issue Affects: fedora-all [bug 585402]
bug 585207 has addressed this in Fedora and EPEL.
This has been assigned CVE-2010-1431.
Direct link to BONSAI-2010-0104 advisory: http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-sql-injection-0104.php
This issue has been addressed in following products: Red Hat HPC Solution for RHEL 5 Via RHSA-2010:0635 https://rhn.redhat.com/errata/RHSA-2010-0635.html