Red Hat Bugzilla – Bug 609115
CVE-2010-1645 cacti: multiple command injection flaws (BONSAI-2010-0105)
Last modified: 2010-12-21 17:46:30 EST
Multiple input sanitization flaws were discovered in cacti. An authenticated cacti administrator could use these flaws to run shell commands with web server privileges.
Note: a cacti administrator is always allowed to run commands as the cacti user.
See also bug #595289 for some related discussion.
*** Bug 586064 has been marked as a duplicate of this bug. ***
This issue has been addressed in the following products:
Red Hat HPC Solution for RHEL 5
Via RHSA-2010:0635 https://rhn.redhat.com/errata/RHSA-2010-0635.html