> > rationale: template_id is sanitized at line 1048:
> > input_validate_input_number(get_request_var_request("template_id"));
> […]
> > Chris: you worked on cacti in jessie and triaged it not-affected. Jessie
> > has a similar version, does this match your findings?
>
> Ah yes; well-spotted. :)
Hi Hugo,
> rationale: template_id is sanitized at line 1048:
> input_validate_input_number(get_request_var_request("template_id"));
[…]
> Chris: you worked on cacti in jessie and triaged it not-affected. Jessie
> has a similar version, does this match your findings?
Ah yes; well-spotted. :)
Hi,
after taking a look at the source code, this vulnerability does not seem to
affect cacti 0.8.8h+ds1-10 (stretch).
rationale: template_id is sanitized at line 1048:
input_validate_input_number(get_request_var_request("template_id"));
This check was replaced over time and gradually
Source: cacti
Version: 1.2.7+ds1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/Cacti/cacti/issues/3025
Hi,
The following vulnerability was published for cacti.
CVE-2019-17357[0]:
|When viewing graphs, some input variables are not properly checked (SQL
|injection