DEBIAN-CVE-2006-6799

Advisory lineage Upstream: 1 Downstream: 1

Upstream

CVE-2006-6799

Downstream

DSA-1250-1

Published: 28 Dec 2006, 21:28

Last modified:27 May 2026, 11:00

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

28 Dec 2006, 21:28

Published

Vulnerability first disclosed

27 May 2026, 11:00

Last Modified

Vulnerability information updated

Description

SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function.

Affected Systems

debian•cacti
< 0.8.6i-3 | < 0.8.6i-3 | < 0.8.6i-3 | < 0.8.6i-3

References (1)

https://security-tracker.debian.org/tracker/CVE-2006-6799