|
Description
|
|
Multiple vulnerabilities were identified in Cacti, which could be exploited by malicious users to execute arbitrary code or conduct SQL injection attacks.
- The first issue is due to an input validation error in the "graph.php" file that does not properly filter specially crafted requests, which could be exploited by malicious users to conduct SQL injection attacks.
- The second vulnerability is due to an input validation error in the "graph_image.php" script that does not properly filter user-supplied input, which could be exploited by remote attackers to execute arbitrary shell commands.
- The third flaw resides in the "config.php" file when processing specially crafted "SESSION" variables, which could be exploited by attackers to bypass the authentication procedure and gain unauthorized administrative access to the application.
|
