SANS ISC: Cacti remote code and SQL injection vulnerability - SANS Internet Storm Center SANS ISC InfoSec Forums

Cacti remote code and SQL injection vulnerability
Secunia has published a bulletin regarding vulnerabilities in the popular open-source network management web application Cacti (versions <= 0.8.6i, which is the current version). The vulnerabilities include SQL injection and possible remote code execution. Public proof-of-concept code is available. If you run Cacti, you are urged to read the work-arounds in the bulletin until a patch/new version is released.

Secunia bulletin:
Cacti home:

Jim Clausing,  jclausing %% at %% isc dot sans dot org


ISC Handler
Dec 29th 2006
