|Category:||Mandrake Local Security Checks|
|Title:||Mandriva Security Advisory MDVSA-2010:092 (cacti)|
|Summary:||Mandriva Security Advisory MDVSA-2010:092 (cacti)|
|Description:||The remote host is missing an update to cacti|
announced via advisory MDVSA-2010:092.
A vulnerability has been found and corrected in cacti:
SQL injection vulnerability in templates_export.php in Cacti 0.8.7e
and earlier allows remote attackers to execute arbitrary SQL commands
via the export_item_id parameter (CVE-2010-1431).
Additionally cacti has been upgraded to 0.8.7e for Corporate Server 4.
The updated packages have been patched to correct this issue.
Affected: Corporate 4.0, Enterprise Server 5.0
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
Risk factor : High
Common Vulnerability Exposure (CVE) ID: CVE-2010-1431|
Debian Security Information: DSA-2039 (Google Search)
RedHat Security Advisories: RHSA-2010:0635
SuSE Security Announcement: SUSE-SR:2010:011 (Google Search)
BugTraq ID: 39653
|Copyright||Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com|
|This is only one of 38907 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.