CVE-2006-6799 - OpenCVE

SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
The Cacti Group	Cacti

Configuration 1 [-]

cpe:2.3:a:the_cacti_group:cacti:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/23528
http://secunia.com/advisories/23665
http://secunia.com/advisories/23917
http://secunia.com/advisories/23941
http://security.gentoo.org/glsa/glsa-200701-23.xml
http://securitytracker.com/id?1017451
http://www.cacti.net/release_notes_0_8_6j.php
http://www.debian.org/security/2007/dsa-1250
http://www.mandriva.com/security/advisories?name=MDKSA-2007:015
http://www.novell.com/linux/security/advisories/2007_07_cacti.html
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.001.html
http://www.securityfocus.com/archive/1/457290/100/0/threaded
http://www.securityfocus.com/bid/21799
http://www.vupen.com/english/advisories/2006/5193
https://exchange.xforce.ibmcloud.com/vulnerabilities/31177
https://www.exploit-db.com/exploits/3029

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-12-28T21:00:00

Updated: 2024-08-07T20:42:07.143Z

Reserved: 2006-12-28T00:00:00

Link: CVE-2006-6799

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-12-28T21:28:00.000

Modified: 2018-10-17T21:49:40.583

Link: CVE-2006-6799

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-12-27T00:00:00", "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-1250", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2007/dsa-1250"}, {"name": "OpenPKG-SA-2007.001", "tags": ["vendor-advisory", "x_refsource_OPENPKG"], "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.001.html"}, {"name": "23917", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23917"}, {"name": "MDKSA-2007:015", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:015"}, {"name": "23528", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23528"}, {"name": "1017451", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017451"}, {"name": "cacti-cmd-sql-injection(31177)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31177"}, {"name": "GLSA-200701-23", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200701-23.xml"}, {"name": "SUSE-SA:2007:007", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_07_cacti.html"}, {"name": "ADV-2006-5193", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/5193"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.cacti.net/release_notes_0_8_6j.php"}, {"name": "23665", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23665"}, {"name": "3029", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/3029"}, {"name": "21799", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21799"}, {"name": "23941", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23941"}, {"name": "20070118 Re: FW: [cacti-announce] Cacti 0.8.6j Released", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/457290/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6799", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-1250", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1250"}, {"name": "OpenPKG-SA-2007.001", "refsource": "OPENPKG", "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.001.html"}, {"name": "23917", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23917"}, {"name": "MDKSA-2007:015", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:015"}, {"name": "23528", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23528"}, {"name": "1017451", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017451"}, {"name": "cacti-cmd-sql-injection(31177)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31177"}, {"name": "GLSA-200701-23", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200701-23.xml"}, {"name": "SUSE-SA:2007:007", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_07_cacti.html"}, {"name": "ADV-2006-5193", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/5193"}, {"name": "http://www.cacti.net/release_notes_0_8_6j.php", "refsource": "CONFIRM", "url": "http://www.cacti.net/release_notes_0_8_6j.php"}, {"name": "23665", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23665"}, {"name": "3029", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/3029"}, {"name": "21799", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21799"}, {"name": "23941", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23941"}, {"name": "20070118 Re: FW: [cacti-announce] Cacti 0.8.6j Released", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/457290/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:42:07.143Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-1250", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2007/dsa-1250"}, {"name": "OpenPKG-SA-2007.001", "tags": ["vendor-advisory", "x_refsource_OPENPKG", "x_transferred"], "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.001.html"}, {"name": "23917", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23917"}, {"name": "MDKSA-2007:015", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:015"}, {"name": "23528", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23528"}, {"name": "1017451", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017451"}, {"name": "cacti-cmd-sql-injection(31177)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31177"}, {"name": "GLSA-200701-23", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200701-23.xml"}, {"name": "SUSE-SA:2007:007", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2007_07_cacti.html"}, {"name": "ADV-2006-5193", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/5193"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.cacti.net/release_notes_0_8_6j.php"}, {"name": "23665", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23665"}, {"name": "3029", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/3029"}, {"name": "21799", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21799"}, {"name": "23941", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23941"}, {"name": "20070118 Re: FW: [cacti-announce] Cacti 0.8.6j Released", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/457290/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6799", "datePublished": "2006-12-28T21:00:00", "dateReserved": "2006-12-28T00:00:00", "dateUpdated": "2024-08-07T20:42:07.143Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:the_cacti_group:cacti:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6D665BF-4F89-4333-81B2-0D6821E91C09", "versionEndIncluding": "0.8.6i", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en Cacti 0.8.6i y anteriores, cuando register_argc_argv est\u00e1 activado, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de los argumentos (1) segundo o (2) tercero de cmd.php. NOTA: este problema puede ser aprovechado para ejecutar comandos de su elecci\u00f3n puesto que los resultados de la consulta SQL son utilizados posteriormente en el array polling_items y la funci\u00f3n popen."}], "id": "CVE-2006-6799", "lastModified": "2018-10-17T21:49:40.583", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-12-28T21:28:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23528"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/23665"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/23917"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/23941"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200701-23.xml"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017451"}, {"source": "cve@mitre.org", "url": "http://www.cacti.net/release_notes_0_8_6j.php"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1250"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:015"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_07_cacti.html"}, {"source": "cve@mitre.org", "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.001.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/457290/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21799"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/5193"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31177"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/3029"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}