SQL injection vulnerability was discovered in cacti. This issue is fixed in latest upstream release - 0.8.7a: http://cacti.net/release_notes_0_8_7a.php http://forums.cacti.net/viewtopic.php?t=24367 Patches are also available for 0.8.6j and 0.8.7: http://www.cacti.net/download_patches.php Relevant SVN commit: http://svn.cacti.net/cgi-bin/viewvc.cgi?view=rev&revision=4289 PoC exploit can be found in the Gentoo bugzilla: http://bugs.gentoo.org/show_bug.cgi?id=199509#c6
Fixed in affected Fedora version: https://admin.fedoraproject.org/updates/F8/FEDORA-2007-3667 https://admin.fedoraproject.org/updates/F7/FEDORA-2007-3683