Test ID:	1.3.6.1.4.1.25623.1.0.67560
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2010:117 (cacti)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to cacti announced via advisory MDVSA-2010:117. A vulnerability has been discovered and corrected in cacti: SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which bypasses the validation routine (CVE-2010-2092). The updated packages have been patched to correct this issue. Affected: Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:117 Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2092 Debian Security Information: DSA-2060 (Google Search) http://www.debian.org/security/2010/dsa-2060 http://php-security.org/2010/05/13/mops-2010-023-cacti-graph-viewer-sql-injection-vulnerability/index.html RedHat Security Advisories: RHSA-2010:0635 https://rhn.redhat.com/errata/RHSA-2010-0635.html http://secunia.com/advisories/41041 http://www.vupen.com/english/advisories/2010/2132
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.