Test ID:	1.3.6.1.4.1.25623.1.1.1.2.2015.278
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DLA-278-1)
Summary:	The remote host is missing an update for the Debian 'cacti' package(s) announced via the DLA-278-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'cacti' package(s) announced via the DLA-278-1 advisory. Vulnerability Insight: Several SQL injection vulnerabilities were discovered in cacti, a frontend to rrdtool for monitoring systems and service: CVE-2015-4634 SQL injection vulnerability in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands in graphs.php Currently unknown or unassigned CVE's SQL injection vulnerability in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands in cdef.php, color.php, data_input.php, data_queries.php, data_sources.php, data_templates.php, gprint_presets.php, graph_templates.php, graph_templates_items.php, graphs_items.php, host.php, host_templates.php, lib/functions.php, rra.php, tree.php and user_admin.php For the oldoldstable distribution (squeeze), these problems have been fixed in version 0.8.7g-1+squeeze7. Affected Software/OS: 'cacti' package(s) on Debian 6. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-4634 Debian Security Information: DSA-3312 (Google Search) http://www.debian.org/security/2015/dsa-3312 http://www.securitytracker.com/id/1032989 SuSE Security Announcement: openSUSE-SU-2015:1285 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-07/msg00052.html
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.