CVE-2010-1431
cacti - missing input sanitising
EPSS 6.0%
Description
SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter.
How to fix CVE-2010-1431
To remediate CVE-2010-1431, upgrade the affected package to one of the fixed versions listed below.
- Debian/cacti: upgrade to 0.8.7e-3 or later
- Debian/cacti: upgrade to 0.8.7b-2.1+lenny2 or later
Is CVE-2010-1431 being exploited?
Moderate: EPSS is 6.0%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 0.8.7e-3
- from 0, < 0.8.7b-2.1+lenny2