#############################################################################
#
# DBAPPSECURITY LIMITED http://www.dbappsecurity.com.cn/
#
#############################################################################
#
# CVE ID: CVE-2015-4342
# Product: cacti
# Subject: SQL Injection and Location header injection from cdef id
# Author: unhex
# Date: June 9th 2015
#
#############################################################################

The following issue has been RESOLVED.
======================================================================
http://bugs.cacti.net/view.php?id=2571
======================================================================
Reported By:                unhex
Assigned To:                rony
======================================================================
Project:                    Cacti
Issue ID:                   2571
Category:                   Database
Reproducibility:            always
Severity:                   feature
Priority:                   normal
Status:                     resolved
Resolution:                 fixed
Fixed in Version:           0.8.8d
======================================================================
Date Submitted:             2015-06-02 23:39 EDT
Last Modified:              2015-06-08 11:51 EDT
======================================================================
Summary:                    SQL Injection and Location header injection from cdef id
Description:
I found the security vulnerability. You can receive the attachment.
======================================================================

----------------------------------------------------------------------
 (0006864) rony (administrator) - 2015-06-08 11:51
 http://bugs.cacti.net/view.php?id=2571#c6864
----------------------------------------------------------------------
Issue resolved.

Issue History
Date Modified    Username       Field                    Change
======================================================================
2015-06-02 23:39 unhex          New Issue
2015-06-03 02:30 Linegod        Status                   new => assigned
2015-06-03 02:30 Linegod        Assigned To               => cigamit
2015-06-06 07:26 unhex          Note Added: 0006863
2015-06-08 11:48 rony           Assigned To              cigamit => rony
2015-06-08 11:49 rony           Fixed in Version          => 0.8.8d
2015-06-08 11:49 rony           Summary                  a security vulnerability => SQL Injection and Location header injection from cdef id
2015-06-08 11:51 rony           Note Added: 0006864
2015-06-08 11:51 rony           Status                   assigned => resolved
2015-06-08 11:51 rony           Resolution               open => fixed
======================================================================