Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which causes the POST or cookie value to bypass the validation routine, but inserts the $_GET value into the resulting query.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cacti 'graph.php' SQL注入漏洞
Vulnerability Description
Cacti是一款轮循数据库(RRD)工具,可帮助从数据库信息创建图形,有多个Linux版本。 Cacti 0.8.7e及之前版本的graph.php中存在SQL注入漏洞。远程攻击者可利用与POST请求或cookie中有效rra_id值相关的GET请求中的rra_id参数绕开验证流程,执行任意SQL命令。
CVSS Information
N/A
Vulnerability Type
N/A