path: root/main/cacti/CVE-2015-8604.patch
Description: SQL injection vulnerability in the host_new_graphs function in
 graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users
 to execute arbitrary SQL commands via crafted serialized data in the
 selected_graphs_array parameter in a save action.
Author: Paul Gevers <elbrus@debian.org>
Bug: http://bugs.cacti.net/view.php?id=2652
Index: cacti/graphs_new.php
===================================================================
--- cacti.orig/graphs_new.php
+++ cacti/graphs_new.php
@@ -252,6 +252,9 @@ function host_new_graphs($host_id, $host
 
 	while (list($form_type, $form_array) = each($selected_graphs_array)) {
 		while (list($form_id1, $form_array2) = each($form_array)) {
+            /* ================= input validation ================= */
+            input_validate_input_number($form_id1);
+            /* ==================================================== */
 			if ($form_type == "cg") {
 				$graph_template_id = $form_id1;
 
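Review bot: The three added lines are indented with spaces while every surrounding line in this hunk (and the second hunk) uses tabs, so the block will stand out in the file and trip tab-based style checks; re-indent them with tabs to match, e.g. `\t\t\t/* ================= input validation ================= */`. The check itself is placed before the `$form_type` branch, so it covers `$form_id1` in both the `cg` and `sg` paths, which is the right spot. Note that this only guards the array keys that reach SQL; the description says `selected_graphs_array` arrives as crafted serialized data, and if the function obtains it via `unserialize()` of the request parameter (outside this hunk), that deserialization of untrusted input remains a separate concern the patch does not touch. host_new_graphs continues beyond this hunk.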
@@ -260,6 +263,7 @@ function host_new_graphs($host_id, $host
 				while (list($form_id2, $form_array3) = each($form_array2)) {
 					/* ================= input validation ================= */
 					input_validate_input_number($snmp_query_id);
+					input_validate_input_number($form_id2);
 					/* ==================================================== */
 
 					$snmp_query_id = $form_id1;
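Review bot: The pre-existing `input_validate_input_number($snmp_query_id);` inside the validation block runs before the assignment `$snmp_query_id = $form_id1;` two lines below it, so it checks the previous iteration's value (or an unset variable on the first pass) rather than the key being processed. With the new outer-loop check on `$form_id1` the value is in practice already validated, but the stale call reads as if it were doing the work; either move `$snmp_query_id = $form_id1;` above the validation block or replace that call with a comment such as `/* $snmp_query_id (== $form_id1) is validated in the outer loop */`. The new `input_validate_input_number($form_id2);` line is consistent with the first hunk. host_new_graphs continues outside the hunk, so any deeper keys of `$form_array3` are not visible here.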