Amazon Linux 1 Security Advisory: ALAS-2013-222
Advisory Release Date: 2013-09-04 13:33 Pacific
Advisory Updated Date: 2014-09-15 23:22 Pacific
(1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.
Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
Affected Packages:
cacti
Issue Correction:
Run yum update cacti to update your system.
noarch:
cacti-0.8.8b-2.10.amzn1.noarch
src:
cacti-0.8.8b-2.10.amzn1.src