Release Notes - 0.8.6f
Important Security Fixes
The PHP-Hardened Project has discovered three new critical security issues in Cacti. Full disclosures are linked below.
- 032005: Cacti Multiple SQL Injection Vulnerabilities
- 042005: Cacti Remote Command Execution Vulnerability
- 052005: Cacti Authentication/Addslashes Bypass Vulnerability
It is highly recommended that all users upgrade immediately. For users who are unable to upgrade, two different patches have been provided.
- [Download]: For users of Cacti 0.8.6e
- [Download]: For users of Cacti 0.8.6d using the Cacti 0.8.6e security patch.
No SQL changes have been made in this release.
security: Hardened PHP Project Advisory #042005 - Cacti Authentication/Addslashes Bypass Vulnerability
security: Hardened PHP Project Advisory #022005 - Cacti Multiple SQL Injection Vulnerabilities
security: Hardened PHP Project Advisory #032005 - Cacti Remote Command Execution Vulnerability