Download
| Alert*
oval:org.secpod.oval:def:602390
Two SQL injection vulnerabilities were discovered in cacti, a web interface for graphing of monitoring systems. Specially crafted input can be used by an attacker in parameters of the graphs_new.php script to execute arbitrary SQL commands on the database. oval:org.secpod.oval:def:1800830 SQL injection in graph.php. SQL Injection of Cacti was discovered in graph.php Cacti graphs_new.php SQL Injection Vulnerability. An SQL injection was found in /cacti/graphs_new.php, affected versions 0.8.8f and older. oval:org.secpod.oval:def:1800856 An SQL injection in graphs_new.php via cg_g parameter was found affecting version 0.8.8f and older. Note that this is different from CVE-2015-8377. oval:org.secpod.oval:def:1600382 Various cross-site scripting flaws and various SQL injection flaws were discovered affecting versions of Cacti prior to 0.8.8g. |