Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cacti has a SQL Injection vulnerability when using tree rules through Automation API
Vulnerability Description
Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in build_rule_item_filter() function from lib/api_automation.php, resulting in SQL injection. This vulnerability is fixed in 1.2.29.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Cacti 安全漏洞
Vulnerability Description
Cacti是Cacti团队的一套开源的网络流量监测和分析工具。该工具通过snmpget来获取数据,使用RRDtool绘画图形进行分析,并提供数据和用户管理功能。 Cacti存在安全漏洞,该漏洞源于automation_tree_rules.php中存储的数据未充分检查,并在build_rule_item_filter函数中用于拼接SQL语句,导致SQL注入。
CVSS Information
N/A
Vulnerability Type
N/A