Download
| Alert*
oval:org.secpod.oval:def:602390
Two SQL injection vulnerabilities were discovered in cacti, a web interface for graphing of monitoring systems. Specially crafted input can be used by an attacker in parameters of the graphs_new.php script to execute arbitrary SQL commands on the database. oval:org.secpod.oval:def:1800856 An SQL injection in graphs_new.php via cg_g parameter was found affecting version 0.8.8f and older. Note that this is different from CVE-2015-8377. oval:org.secpod.oval:def:1600382 Various cross-site scripting flaws and various SQL injection flaws were discovered affecting versions of Cacti prior to 0.8.8g. |