CVE-2010-2092
Cacti - SQL injection
EPSS 0.14%
Description
SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which causes the POST or cookie value to bypass the validation routine, but inserts the $_GET value into the resulting query.
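The source mismatch described above, as an added example that is not Cacti's code: a simplified PHP model in which validation reads a merged request view (POST and cookie overriding GET, which is an assumption) while the query is built from the GET value, shown beside a corrected form. The function names, the `rra` table name and the sample request are constructed for illustration.

```php
<?php
// Constructed model of the flaw class in the description; not Cacti's code.
// merged_request() is a hypothetical helper: POST and cookie values override
// GET, standing in for whatever merged view the validation routine reads.
function merged_request(array $get, array $post, array $cookie): array
{
    return array_merge($get, $post, $cookie);
}

function is_numeric_id($value): bool
{
    return is_string($value) && preg_match('/^[0-9]+$/D', $value) === 1;
}

// Flawed pattern: the check reads the merged view, the query reads GET.
function build_query_flawed(array $get, array $post, array $cookie): ?string
{
    $req = merged_request($get, $post, $cookie);
    if (!is_numeric_id($req['rra_id'] ?? null)) {
        return null; // validation rejects the request
    }
    // Different source than the one validated; concatenated unescaped.
    return 'SELECT * FROM rra WHERE id=' . ($get['rra_id'] ?? '');
}

// Corrected pattern: read the value once, validate it, bind that same value.
function build_query_fixed(array $get, array $post, array $cookie): ?array
{
    $raw = merged_request($get, $post, $cookie)['rra_id'] ?? null;
    if (!is_numeric_id($raw)) {
        return null;
    }
    return ['sql' => 'SELECT * FROM rra WHERE id = ?', 'params' => [(int) $raw]];
}

// Constructed request: numeric value in POST, non-numeric value in GET.
$get  = ['rra_id' => '1 OR 1=1'];
$post = ['rra_id' => '1'];

var_dump(build_query_flawed($get, $post, []));  // GET text reaches the SQL string
var_dump(build_query_fixed($get, $post, []));   // only the validated integer is bound
var_dump(build_query_fixed($get, [], []));      // non-numeric value alone is rejected
```

When reviewing similar code, check that the variable passed to the validator is the same variable that reaches the query, not just the same parameter name.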
How to fix CVE-2010-2092
To remediate CVE-2010-2092, upgrade the affected package to one of the fixed versions listed below.
- Debian/cacti—upgrade to 0.8.7e-4 or later
- —upgrade to 0.8.7b-2.1+lenny3 or later
Is CVE-2010-2092 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.8.7e-4
- from 0, < 0.8.7b-2.1+lenny3