CVE-2010-2092 in Cacti信息

摘要

由 VulDB • 2026-07-14

Cacti 0.8.7e及更早版本中的graph.php存在SQL注入漏洞,远程攻击者可通过在GET请求中构造恶意的rra_id参数(并结合POST请求或Cookie中的有效rra_id值),导致POST或Cookie值绕过验证例程,但将$_GET的值插入到最终查询中,从而执行任意SQL命令。

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

来源

Do you want to use VulDB in your project?

Use the official API to access entries easily!