Description: rgod has discovered three vulnerabilities in Cacti, which can be exploited by malicious people to bypass certain security restrictions, manipulate data and compromise vulnerable systems. 1) The cmd.php script does not properly restrict access to command line usage and is installed in a web-accessible location. Successful exploitation requires that "register_argc_argv" is enabled. 2) Input passed in the URL to cmd.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "register_argc_argv" is enabled. 3) The results from the SQL queries in 2) in cmd.php are not properly sanitised before being used as shell commands. This can be exploited to inject arbitrary shell commands. The vulnerabilities are confirmed in version 0.8.6i. Other versions may also be affected. Solution: Move the "cmd.php" script to a not web-accessible path, and update other scripts accordingly. Edit the source code to ensure that input is properly sanitised. Provided and/or discovered by: rgod
*** This bug has been marked as a duplicate of 159278 ***