MDVSA-2013:228 -- Mandriva cactiID: oval:org.secpod.oval:def:1300225 | Date: (C)2013-11-01 (M)2022-10-10 |
Class: PATCH | Family: unix |
Multiple vulnerabilities has been discovered and corrected in cacti: Multiple cross-site scripting vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via the step parameter to install/index.php or the id parameter to cacti/host.php . SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter . The updated packages have been patched to correct these issues.
Platform: |
Mandriva Enterprise Server 5.2 |