Multiple vulnerabilities have been found in Cacti, allowing attackers to execute arbitrary code or perform XSS attacks.
| Package | net-analyzer/cacti on all architectures |
| Affected versions | < 0.8.8b |
| Unaffected versions | >= 0.8.8b |
Cacti is a complete network graphing solution designed to harness the power of RRDTool’s data storage and graphing functionality.
Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details.
A remote attacker could execute arbitrary SQL commands via specially crafted parameters, execute arbitrary shell code or inject malicious script code.
There is no known workaround at this time.
All Cacti users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/cacti-0.8.8b"
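To confirm which hosts still fall in the affected range before and after upgrading, the following added example (not part of the advisory) classifies version strings against the "< 0.8.8b" boundary, including the trailing-letter case. The function names, hostnames and sample versions are constructed for illustration, and the comparison assumes dotted integers with an optional single letter and an optional -rN revision.

```shell
#!/bin/sh
# Added example: classify Cacti versions against the advisory's "< 0.8.8b" range.
# Assumption: a version is dotted integers plus an optional single letter and an
# optional Gentoo -rN revision; any other form is reported as "unknown".
LC_ALL=C; export LC_ALL
FIXED_NUM="0.8.8"
FIXED_LETTER="b"
ALPHABET="abcdefghijklmnopqrstuvwxyz"

# cmp_numeric A B: print lt, eq or gt. Components compare as integers (a
# simplification of Gentoo's version ordering); a missing component sorts lowest.
cmp_numeric() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        if [ "${x:--1}" -lt "${y:--1}" ]; then echo lt; return 0; fi
        if [ "${x:--1}" -gt "${y:--1}" ]; then echo gt; return 0; fi
    done
    echo eq
}

# cacti_status VERSION: print affected, unaffected or unknown.
cacti_status() {
    v=${1%-r[0-9]*}                      # a revision cannot cross the threshold
    letter=
    case $v in *[a-z]) letter=${v##*[!a-z]}; v=${v%?} ;; esac
    case $v in ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;; esac
    below=${ALPHABET%%"$FIXED_LETTER"*}  # letters sorting before the fixed one
    case $(cmp_numeric "$v" "$FIXED_NUM") in
        lt) echo affected ;;
        gt) echo unaffected ;;
        eq) # Equal numbers: no letter, or an earlier letter, is still older.
            case $below in *"$letter"*) echo affected ;; *) echo unaffected ;; esac ;;
    esac
}

# Constructed sample inventory ("host version"); hostnames are made up.
while read -r host ver; do
    printf '%-6s %-10s %s\n' "$host" "$ver" "$(cacti_status "$ver")"
done <<'EOF'
mon01 0.8.7i
mon02 0.8.8a-r1
mon03 0.8.8b
mon04 0.8.8_rc1
EOF
```

Versions reported as "unknown" (for example ones carrying an `_rc` suffix) need a manual comparison, since the example does not order those suffixes.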