[Bug 201702] net-mgmt/cacti: Multiple XSS and SQL injection vulnerabilities (CVE-2015-4634)
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sun Jul 19 23:44:12 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201702
Bug ID: 201702
Summary: net-mgmt/cacti: Multiple XSS and SQL injection
vulnerabilities (CVE-2015-4634)
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: freebsd-ports-bugs at FreeBSD.org
Reporter: jason.unovitch at gmail.com
CC: freebsd-ports at dan.me.uk
Flags: maintainer-feedback?(freebsd-ports at dan.me.uk)
CC: freebsd-ports at dan.me.uk
Maintainer of net-mgmt/cacti,
Cacti 0.8.8e was released featuring multiple security fixes.
Release Notes - 0.8.8e
Important Security Fixes
Multiple XSS and SQL injection vulnerabilities
CVE-2015-4634 - SQL injection in graphs.php
Changelog
bug: Fixed issue with graph zooming failing to work
bug: Fixed various SQL Injection vectors
bug#0002569: Impossible to have a URL pointing directly to a graph
bug#0002574: SQL Injection Vulnerabilities in graph items and graph template
items
bug#0002577: CVE-2015-4634 - SQL injection in graphs.php
bug#0002579: SQL Injection Vulnerabilities in data sources
bug#0002580: SQL Injection in cdef.php
bug#0002582: SQL Injection in data_templates.php
bug#0002583: SQL Injection in graph_templates.php
bug#0002584: SQL Injection in host_templates.php
bug#0002586: Cannot delete data sources from the GUI
bug#0002592: graph_view.php - viewing host in new tab - Undefined index: nodeid
bug#0002594: status_fail_date and status_rec_date are set incorrectly after
host is marked down
bug#0002597: Incorrect value in Hosts column on Host Templates page
bug#0002598: Incorrect row number in Devices -> (Edit) page
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list